component-refactoring
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): The instructions use standard pedagogical language and do not contain bypass markers, 'ignore previous instructions' commands, or role-play jailbreak attempts.
- [Data Exposure & Exfiltration] (SAFE): There are no references to sensitive file paths, environment variables, or hardcoded credentials. No network operations or data transmission commands are present.
- [Obfuscation] (SAFE): The file is written in clear-text markdown. No Base64, zero-width characters, or homoglyphs were detected.
- [Unverifiable Dependencies & RCE] (SAFE): The skill does not download or execute remote scripts. References to 'bun run' commands are standard local development workflows and do not involve piped remote execution.
- [Indirect Prompt Injection] (LOW): The skill is designed to process untrusted React component code. While it lacks explicit boundary markers, it only provides refactoring instructions and lacks the capabilities (network or file write) required for an injection to result in exfiltration or persistence.
- [Persistence & Escalation] (SAFE): No attempts to modify shell profiles, system services, or acquire root privileges were found.
Audit Metadata