react-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs static analysis on local files to generate architectural recommendations. No network activity, hardcoded secrets, or persistence mechanisms were found.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists because the skill reads and processes untrusted React source code. Evidence: * Ingestion points: .tsx and .jsx files via glob and grep (SKILL.md). * Boundary markers: Absent. * Capability inventory: Read, Edit, Grep, Glob, and Bash (SKILL.md). * Sanitization: Absent. The risk is mitigated as the skill's instructions focus on generating a text report rather than executing code or performing sensitive operations based on the input.
Audit Metadata