Skills
skills/instantx-research/skills/frontend-reactor/Gen Agent Trust Hub

frontend-reactor

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute standard development commands, including npx create-next-app, npm install, and npm run build. These operations are used to scaffold the output project and verify its build integrity as described in the conversion pipeline.
  • [EXTERNAL_DOWNLOADS]: The skill fetches development dependencies and project templates from well-known registries (NPM) and official repositories (Vercel). It also uses Playwright, which downloads browser binaries from official Microsoft sources for the validation phase.
  • [REMOTE_CODE_EXECUTION]: The core functionality involves generating React and TypeScript code from provided HTML inputs and then executing that code via local build and dev processes (npm run dev). This is the intended behavior of the skill and is performed within the user-specified output directory.
  • [DATA_EXFILTRATION]: While the skill can fetch content from external URLs provided by the user (Mode C), its operations are focused on retrieving visual and structural data for conversion rather than accessing or transmitting sensitive local system data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 06:36 AM