react-refactoring

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes 'yarn eslint' with the '--fix' flag on modified React component files. This is a standard part of the development workflow to ensure code quality after automated refactoring, but it represents a capability to execute shell commands based on file paths.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its code analysis workflow.
      1. Ingestion points: Reads local React component files (.tsx, .jsx) provided by the user or found in the directory.
      2. Boundary markers: Absent; there are no instructions to disregard or escape prompts hidden within code comments or strings.
      3. Capability inventory: Writing files, making git commits, executing shell commands (eslint), and tasking sub-agents.
      4. Sanitization: Absent; the code is analyzed directly for patterns without pre-processing to remove potential injection vectors.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 06:38 AM