react
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to override agent behavior or bypass safety filters. The content is purely educational documentation.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths were detected. Network examples (e.g., fetch, WebSocket) use illustrative API endpoints typical of React development documentation.
- Obfuscation (SAFE): The files are written in clear Markdown and TypeScript. No suspicious encoding, zero-width characters, or homoglyphs were found.
- Unverifiable Dependencies & Remote Code Execution (SAFE): While some files suggest installing well-known libraries (e.g.,
core-js,@builder.io/partytown), these are standard industry tools. There are no instances of piped remote script execution or dynamic code execution of untrusted input. - Privilege Escalation & Persistence (SAFE): No commands related to system privilege modification or persistence mechanisms (e.g., cron jobs, shell profile modification) were identified.
- Metadata Poisoning (SAFE): Frontmatter and metadata fields are consistent with the technical content and do not contain deceptive instructions.
- Indirect Prompt Injection (SAFE): The skill does not ingest untrusted data at runtime; it is a static set of reference files.
- Dynamic Execution (SAFE): Examples of
dangerouslySetInnerHTMLare used for legitimate patterns (like hydration flicker prevention) and do not involve executing untrusted user input.
Audit Metadata