react-container-presentation-component
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured to execute local shell commands including
npm run storybook, as well as project-specific build and linting routines. These commands are standard for the described development workflow and, in the case of Storybook, require explicit user confirmation before execution. - [PROMPT_INJECTION]: The skill processes user-supplied component names to generate file paths and code content, which represents a surface for indirect prompt injection.
- Ingestion points: User-provided component name and classification type (ui/features) via the primary argument hint.
- Boundary markers: None identified; the skill relies on the LLM to interpret the user input directly into file paths.
- Capability inventory: The skill has the capability to write multiple files to the local file system (index.tsx, useComponentName.tsx, etc.) and execute shell scripts (npm) within the project directory.
- Sanitization: The skill instructs the agent to validate that the component name follows PascalCase and to check for the existence of target directories before performing write operations.
Audit Metadata