reacticx
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructions frequently suggest the use of `npx reacticx` to manage components. This command downloads and executes code directly from the npm registry from a source that is not within the Trusted External Sources list, presenting a remote code execution risk.
- [COMMAND_EXECUTION] (MEDIUM): The skill uses command templates such as `npx reacticx add <component-name>`. This creates an indirect command injection surface where an agent might process untrusted user input and generate a dangerous shell command if the input contains shell metacharacters or command separators.
Audit Metadata