use-dom
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill does not contain any malicious patterns, prompt injections, or unauthorized data access attempts. It serves as a legitimate technical guide for a specific developer workflow.
- [DATA_EXFILTRATION]: No evidence of data exfiltration was found. The code examples demonstrate the transfer of data between native and webview contexts using serializable props and async functions, which is standard behavior for the feature described.
- [EXTERNAL_DOWNLOADS]: The skill mentions and imports well-known web libraries such as
rechartsandreact-syntax-highlighter. These are established packages in the React ecosystem and are relevant to the skill's purpose. - [COMMAND_EXECUTION]: No suspicious command execution or privilege escalation patterns (like
sudoorchmod) were detected. The examples use standard React and React Native APIs. - [INDIRECT_PROMPT_INJECTION]: While the skill describes passing external data into a WebView (which is an attack surface), it does so in the context of a programming tutorial. It does not ingest untrusted data in a way that targets the agent's logic or security boundaries.
Audit Metadata