react-to-taro
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION] (LOW): The documentation references APIs that allow access to potentially sensitive information, including clipboard data (
getClipboardData), system metadata (getSystemInfoSync), and local storage (getStorage). While these are standard framework capabilities, they represent potential data access surfaces. - [PROMPT_INJECTION] (LOW): The skill details components such as
RichTextand lifecycle hooks likeuseLoad(which processes URL parameters). These features ingest external data, creating an indirect prompt injection surface if the data is not sanitized. However, this is inherent to the framework's purpose. - [SAFE] (SAFE): No hardcoded credentials, remote code execution patterns, or suspicious network operations were found. The documentation follows standard developer reference patterns.
Audit Metadata