react-testing
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a 'MANDATORY' workflow in SKILL.md that instructs the agent to use a specific set of sub-agents and external tools, overriding default operational logic with a vendor-specific orchestration pattern.
- [INDIRECT_PROMPT_INJECTION]: The mandatory workflow involves researching external documentation via search tools and automated documentation queries.
- Ingestion points: Data from external web documentation and search results is ingested into the agent context via research tools like Exa and Context7.
- Boundary markers: No specific delimiters or safety instructions are provided to the agent to isolate or ignore potentially malicious content within the researched documentation.
- Capability inventory: The agent has the capability to modify the codebase and execute tests using Vitest based on the results of the research.
- Sanitization: No sanitization or validation process is defined for the external data retrieved during the research phase.
- [UNVERIFIABLE_DEPENDENCIES]: The documentation provides templates for installing development dependencies such as vitest, msw, and @testing-library/react using the npm package manager. These are well-known, industry-standard libraries with high trust in the developer community.
Audit Metadata