react-doctor
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill triggers the download of the
react-doctorpackage from the public npm registry at runtime using thenpxcommand. - [REMOTE_CODE_EXECUTION]: The use of
npx -y react-doctor@latestallows for the execution of remote code. By specifying the@latesttag, the skill does not pin a specific version, meaning the behavior of the skill can change if the remote package is updated or compromised. - [COMMAND_EXECUTION]: The skill executes a shell command to perform its primary function. This command runs with the permissions of the agent and accesses the project's root directory (
.). - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and acts upon untrusted data from the codebase being scanned.
- Ingestion points: The agent reads diagnostics produced by the
react-doctortool, which may include fragments or metadata from the scanned source files. - Boundary markers: There are no explicit delimiters or instructions provided to help the agent distinguish between legitimate diagnostic messages and potential malicious instructions embedded in the scanned code comments or strings.
- Capability inventory: The agent is instructed to modify the codebase ("Fix issues") based on the content of these diagnostics.
- Sanitization: The skill does not implement any validation or sanitization of the tool's output before it is presented to the agent for action.
Audit Metadata