react-best-practices
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): Indirect Prompt Injection vulnerability via untrusted code ingestion.
  - Ingestion points: The skill is designed to process external source code, including React components and TanStack routes, for performance analysis and refactoring.
  - Boundary markers: No specific delimiters or security instructions are provided to isolate the untrusted code content from the agent's instructions.
  - Capability inventory: The skill description explicitly supports 'automated refactoring and code generation,' granting the agent write-access capabilities that could be subverted.
  - Sanitization: There is no evidence of sanitization or filtering for the code being analyzed, allowing malicious instructions in comments or string literals to potentially control the agent's output or modifications.
Recommendations
- AI detected serious security threats