markstream-react
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions involve installing the
markstream-reactpackage and its optional peer dependencies via a package manager. This is the primary intended function of the skill for library integration. - [COMMAND_EXECUTION]: The workflow includes running standard development commands (dev, build, or typecheck) to validate the integration within the host repository.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to operate on a host repository (untrusted data source) and has the capability to modify code and install packages.
- Ingestion points: Files and structure of the React/Next.js repository being modified (SKILL.md).
- Boundary markers: None specified in the instructions.
- Capability inventory: Package installation and source code modification.
- Sanitization: The skill does not explicitly describe sanitization steps, but it advocates for using the library's built-in
safeHTML policy by default.
Audit Metadata