react-health-audit
Warn
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and executes the nvm installation script from an external repository using a high-risk piped execution pattern.
  - Evidence: `curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash` in references/tool-installer.md.
- [COMMAND_EXECUTION]: Performs global system modifications and destructive environment cleanup.
  - Evidence: Installs `yarn` and `pnpm` globally using `npm install -g` in references/tool-installer.md.
  - Evidence: Executes `rm -rf node_modules` and removes lock files (package-lock.json, yarn.lock, pnpm-lock.yaml) during the version alignment process in references/version-alignment.md.
  - Evidence: Uses dynamic command execution via `find -execdir` to run installation commands in subdirectories in references/version-alignment.md.
  - Evidence: Cleans the global npm cache using `npm cache clean --force` in references/version-alignment.md.
- [PROMPT_INJECTION]: Significant attack surface for indirect prompt injection, as the skill processes numerous untrusted project files.
  - Ingestion points: The skill reads package.json, source code (.tsx, .ts), CI/CD workflows, and configuration files across multiple steps (references/repository-inventory.md, references/config-analysis.md, references/cicd-analysis.md).
  - Boundary markers: Absent. There are no explicit instructions or delimiters used to prevent the agent from following instructions embedded in the analyzed code.
  - Capability inventory: The skill utilizes high-privilege tools including Bash, Write, Edit, and WebFetch, which could be exploited if malicious content is encountered in project data.
  - Sanitization: Absent. The skill analyzes raw file content from the repository without filtering or validation.
Audit Metadata