reatom
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation references and provides instructions for using well-known services and repositories, specifically the official Reatom project on GitHub (e.g.,
github.com/reatom/reatomandgithub.com/reatom/reusables). These are recognized technology sources and are handled neutrally as part of standard developer workflows. - [COMMAND_EXECUTION]: The skill includes instructions for standard developer CLI tools, such as
npmandjsrepo, for managing package dependencies and scaffolding reusable components. These commands are typical for the described technical domain. - [PROMPT_INJECTION]: The skill uses authoritative instructional language (e.g., "always-loaded safety layer", "Hard guardrail") to ensure the AI agent prioritizes current library versions over deprecated ones. These are benign structural instructions intended to prevent hallucination and maintain accuracy, not attempts to bypass underlying safety filters.
- [DATA_EXFILTRATION]: Code snippets and examples use standard placeholder endpoints (e.g.,
/api/submit,/api/login) for demonstration. There is no evidence of actual sensitive data exfiltration or connections to suspicious domains. - [SAFE]: The skill promotes security best practices by explicitly instructing the agent to use 'Standard Schema' libraries (like Zod or Valibot) for validating all untrusted data, including form inputs, URL parameters, and persistent storage.
Audit Metadata