one-component-per-file-best-practice
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability. The skill analyzes and refactors external React and Vue source code files, which could contain malicious instructions embedded in comments or strings designed to influence the agent's behavior during the modification process.\n
- Ingestion points: The skill ingests .tsx, .jsx, and .vue files recursively from user-specified directories as described in references/workflow.md.\n
- Boundary markers: The instructions lack explicit boundary markers or directions for the agent to ignore instructions found within the code being processed.\n
- Capability inventory: The agent is authorized to perform file system read and write operations, including creating new files and modifying existing source files to migrate component definitions, as outlined in references/workflow.md.\n
- Sanitization: There is no specified sanitization or validation of the ingested source code content before it is processed by the agent.
Audit Metadata