react-expert

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses multiple bash commands (e.g., npm list, grep, find, node -e) to detect the React version, build configurations, and project structure. It executes these commands directly on the user's filesystem.
  • [REMOTE_CODE_EXECUTION]: The skill invokes npx eslint and npm test. npx can download and execute packages from the NPM registry at runtime, while npm test executes the project's own test scripts, which may contain arbitrary code. Additionally, node -e is used for dynamic JavaScript execution to parse dependencies.
  • [DATA_EXFILTRATION]: The skill performs extensive scanning of the local src/ directory to identify hooks and component patterns. While no network transmission of this data was detected, the skill lacks boundary markers or sanitization when reading these files.
      1. Ingestion points: Reads local source files in the src/ directory via grep and find.
      2. Boundary markers: None present.
      3. Capability inventory: Execution of bash commands, project tests (npm test), and linting tools (npx eslint).
      4. Sanitization: None detected.
  • [SAFE]: External URLs referenced for documentation target official and well-known domains, including react.dev and nextjs.org.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 06:12 PM