Skills
skills/jeffallan/claude-skills/react-expert/Gen Agent Trust Hub

react-expert

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The workflow in SKILL.md instructs the agent to execute tsc --noEmit. This is a routine development task for validating TypeScript types and ensuring code correctness before finalizing components.
  • [EXTERNAL_DOWNLOADS]: The skill references multiple standard Node.js packages and libraries in its documentation and code examples, such as Zustand, Redux Toolkit, and TanStack Query. These are common dependencies in the React ecosystem.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it ingests untrusted user requirements to produce executable code and validation commands.
  • Ingestion points: User-provided application requirements and React code snippets are processed as part of the core workflow in SKILL.md.
  • Boundary markers: The instructions do not define specific delimiters or guardrails to isolate user-provided data from system instructions.
  • Capability inventory: The skill has the capability to write files (React components) and execute shell commands (tsc) as documented in SKILL.md.
  • Sanitization: There are no explicit sanitization or validation steps mentioned for the data entering the prompt chain.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 11:28 AM