react-expert
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The SKILL.md file contains a 'Memory Protocol' that instructs the agent to execute a shell command ('cat .claude/context/memory/learnings.md') to read historical session context. This is a legitimate project-specific workflow for maintaining state and does not involve sensitive credentials or external exfiltration.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted user-supplied code while having access to system-modifying tools.
  - Ingestion points: The skill analyzes user code matching patterns like **/*.tsx and **/*.jsx via the Read tool.
  - Capability inventory: The agent is granted tools including Bash, Write, and Edit.
  - Boundary markers: The instructions lack specific delimiters or instructions to ignore embedded commands within the analyzed code.
  - Sanitization: No explicit validation or filtering is performed on the content of the ingested files.