react-native-ease-refactor
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the grep utility to perform filesystem searches for animation-related patterns in Phase 1.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted source code from the project to drive its classification logic and report generation.
  - Ingestion points: Project source files including .ts, .tsx, .js, and .jsx extensions.
  - Boundary markers: Absent; the skill does not use specific delimiters to isolate file content from instructions.
  - Capability inventory: The skill has permissions to read files, execute shell commands (grep), and modify project source code.
  - Sanitization: None; the skill relies on regex patterns but does not sanitize or escape the content of the files it reads before processing them.
Audit Metadata