react-security
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as an educational resource for securing React applications. It identifies high-risk areas such as XSS, CSRF, and insecure token storage.
- [SAFE]: Instructions for XSS prevention correctly recommend the use of DOMPurify for sanitizing HTML input and warn against using dangerouslySetInnerHTML with untrusted data.
- [SAFE]: Authentication guidelines follow industry standards by recommending HttpOnly and Secure cookies for JWT/session storage instead of localStorage to mitigate token theft.
- [SAFE]: The skill includes implementation examples for Content Security Policy (CSP), CSRF protection via tokens, and client-side rate limiting, which are standard security controls.
- [SAFE]: No evidence of prompt injection, data exfiltration, obfuscation, or remote code execution was found. The skill does not perform any network operations or access sensitive system files.
Audit Metadata