review-react
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary purpose is to provide static analysis and feedback on React code. It explicitly excludes security and architectural reviews from its scope.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted code inputs to generate review findings. While this constitutes an attack surface, the risk is negligible as the skill lacks high-privilege capabilities such as network access, file writing, or command execution.
  - Ingestion points: SKILL.md input_schema accepts 'code-scope' (files or directories).
  - Boundary markers: The skill uses a structured output contract but lacks explicit 'ignore instructions' delimiters for the ingested code.
  - Capability inventory: No file system writes, network requests, or subprocess executions are defined in the skill files.
  - Sanitization: No specific sanitization of input code is documented.
Audit Metadata