react
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill contains no instructions designed to override agent behavior, bypass safety guardrails, or reveal system prompts. The triggers defined in 'skill-rules-fragment.json' are strictly for recommending coding best practices.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network communication patterns were found. The code examples use standard Web APIs like 'fetch' and 'localStorage' for legitimate educational purposes.
- Obfuscation (SAFE): No encoded strings, hidden characters, or homoglyphs were detected in any of the files.
- Unverifiable Dependencies (SAFE): The only external package referenced is '@tanstack/react-virtual', which is a standard, reputable library for React virtualization. No untrusted script downloads or piped bash executions are present.
- Indirect Prompt Injection (SAFE): While the skill includes patterns for fetching external data (e.g., 'DataFetcher', 'UserProfileContainer'), these are presented as static coding examples. There is no automated ingestion of untrusted data into the agent's prompt context that could lead to injection attacks.
Audit Metadata