react-best-practices

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill's primary function is to read and analyze source code files, which creates an attack surface for indirect prompt injection. Instructions embedded in the analyzed codebase (such as in comments) could try to influence the agent's audit behavior.
  • Ingestion points: Source code, hook, and test files are read from the local repository using the Read tool.
  • Boundary markers: The instructions do not specify boundary markers or directives for the agent to ignore instructions found within the audited files.
  • Capability inventory: The skill has access to powerful tools such as Bash, Write, Edit, and WebFetch.
  • Sanitization: No specific content sanitization or filtering is defined for the analyzed code.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 03:30 PM