react-grab
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's instructions and scripts consistently use the command 'npx -y grab@latest'. While the project is titled 'react-grab', 'grab' is a separate and unrelated package on the npm registry. This discrepancy poses a risk of executing unintended code from an unverifiable source.
- [EXTERNAL_DOWNLOADS]: The skill downloads dependencies from the npm registry and loads client-side scripts from 'unpkg.com'. While these are well-known services, the reliance on an unverified package name ('grab') introduces risk.
- [COMMAND_EXECUTION]: Shell scripts 'install.sh' and 'add-agent.sh' perform system-level operations including package management and tool configuration.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by capturing data from browser UI elements and component metadata to be processed by AI agents.
  - Ingestion points: Captured HTML markup, component names, and file paths from the browser DOM (SKILL.md, references/api.md).
  - Boundary markers: The clipboard output uses plain text headers but lacks robust delimiters or 'ignore' instructions to prevent agents from interpreting captured data as commands.
  - Capability inventory: Integrated agents like Claude Code and Cursor possess broad capabilities including shell execution and file modification.
  - Sanitization: The skill does not perform sanitization or filtering of the captured browser content before passing it to the agent.