react-doctor
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill uses `npx -y react-doctor@latest` to download and execute an external package from the npm registry. This source is not within the defined 'Trusted External Sources' list.
- COMMAND_EXECUTION (LOW): The skill executes shell commands (`npx`) to perform its primary function.
- PROMPT_INJECTION (LOW): The skill processes diagnostics generated from scanning potentially untrusted codebases. This creates a surface for indirect prompt injection if the audited code contains malicious content designed to influence the agent's interpretation of findings.
Audit Metadata