react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [Prompt Injection] (SAFE): No patterns of instruction override, jailbreaking, or system prompt extraction were detected. The use of the word 'CRITICAL' in the document refers to performance impact levels, not security severity markers.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access local files, environment variables, or credentials. No network operations are present.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No package managers (npm/pip) or remote code downloads (curl/wget) are used. The skill is entirely static text.
- [Indirect Prompt Injection] (INFO): While the skill is designed to analyze user-provided code (untrusted data), it functions as a set of reasoning guidelines and lacks the necessary capabilities (such as file-writing or subprocess execution) to perform harmful actions if malicious code is encountered.
- [Obfuscation] (SAFE): No encoded strings (Base64), zero-width characters, or homoglyphs were found in the content.
Audit Metadata