react-grab
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and execute the
grabpackage from the NPM registry vianpxand to include client-side scripts from the Unpkg CDN (//unpkg.com/react-grab/dist/index.global.js). These are standard well-known services for Node.js development. - [COMMAND_EXECUTION]: The skill contains shell scripts (
install.sh,add-agent.sh) that execute commands to install the utility and configure AI agent integrations. These scripts perform environment checks and triggernpxfor installation tasks. - [REMOTE_CODE_EXECUTION]: The skill relies on
npx -y grab@latestto initialize the tool. This command fetches and executes the latest version of the CLI utility from the public NPM registry. This is a standard mechanism for developer tooling and is used here to set up the local development environment. - [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection because it ingests untrusted data from the browser DOM (HTML markup, component stacks) to be processed by an AI agent.
- Ingestion points: Browser UI elements (HTML, component names, file paths) captured via the react-grab overlay and copied to the clipboard or accessed via MCP.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between tool context and potential embedded instructions in the captured HTML.
- Capability inventory: The skill allows for significant system interaction via the
Bash,Read,Write,Edit,Glob, andWebFetchtools. - Sanitization: The tool captures raw element context without explicit sanitization, which is consistent with its purpose of providing full developer context.
Audit Metadata