setup-react-doctor

Warn

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS

Full Analysis
  • [COMMAND_EXECUTION]: The skill implements a persistence mechanism by generating a script and writing it to .git/hooks/pre-commit, causing it to execute automatically on every local commit attempt.
  • [COMMAND_EXECUTION]: The skill instructs the agent to modify file permissions using chmod +x on the generated hook script to make it executable.
  • [EXTERNAL_DOWNLOADS]: The skill references and executes react-doctor, an external analysis tool. The execution of such third-party tools involves running code that is not contained within the skill itself.
  • [COMMAND_EXECUTION]: The skill presents an indirect injection risk surface. Ingestion points: package.json and React component source files. Boundary markers: None present. Capability inventory: File-write to .git/hooks/pre-commit and .github/workflows/react-doctor.yml, and chmod execution. Sanitization: No sanitization or validation of input file content is specified.

Audit Metadata
Risk Level: MEDIUM
Analyzed: May 12, 2026, 05:03 AM