beforemerge-react-review
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill consists of static Markdown documentation and rule sets for React code reviews. No malicious code, hidden scripts, or dangerous behaviors were detected within the provided files.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because its primary function is to analyze user-provided React code. Maliciously crafted code snippets could contain instructions aimed at subverting the agent's review logic.
- Ingestion points: User-provided React source code snippets and files reviewed by the agent.
- Boundary markers: The skill does not define specific delimiters or instructions to isolate the untrusted code being analyzed.
- Capability inventory: Includes grep-style pattern-matching rules for auditing code structures, but grants the agent no direct command execution capability.
- Sanitization: Not applicable, as the skill delivers advisory content rather than processing data for execution.
- [EXTERNAL_DOWNLOADS]: The documentation references an installation method using `npx` to add the skill from the author's repository. This is a standard and expected distribution method for this vendor and does not represent a security risk.
Audit Metadata