reactjs-tiptap-editor
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- External Downloads (MEDIUM): The skill mandates the installation of 'reactjs-tiptap-editor' using bun. This package does not originate from a verified trusted organization or repository, posing a potential supply chain risk.
- Prompt Injection (LOW): The skill implements an Indirect Prompt Injection surface (Category 8) by processing untrusted user content through a rich text editor for later rendering. Although the workflow requires sanitization (parseMarkdown), the use of 'dangerouslySetInnerHTML' in the public route component provides a direct capability for Cross-Site Scripting (XSS) if the sanitization logic is bypassed or improperly implemented.
- Ingestion points: Untrusted data enters via 'initialContent' and 'onChange' in the 'PostEditor.tsx' component.
- Boundary markers: Absent (relies on Markdown as an intermediate format).
- Capability inventory: Database insertion (supabase.from('posts').insert) and HTML rendering (dangerouslySetInnerHTML).
- Sanitization: Explicitly instructed in the rendering phase but depends on an external implementation.
Audit Metadata