react-devtools
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill operates primarily through the `agent-react-devtools` CLI. It executes subcommands to manage a local daemon (`start`, `stop`) and query runtime data from connected applications. These operations are consistent with the skill's stated purpose of providing a developer tool interface.
- [EXTERNAL_DOWNLOADS]: The documentation in `references/setup.md` suggests using `npx agent-react-devtools init` for automated framework configuration. This involves downloading and executing the vendor's package from a registry. As `agent-react-devtools` is a resource belonging to the author 'piotrski', this is documented as a standard vendor-provided setup process.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by ingesting and displaying data (component names, props, and state) from external React applications.
  - Ingestion points: Data enters the agent's context through CLI commands like `agent-react-devtools get tree` and `agent-react-devtools get component`.
  - Boundary markers: The instructions do not specify the use of delimiters or protective headers for the data returned by these commands.
  - Capability inventory: The agent has the `Bash` capability to execute local commands via the tool.
  - Sanitization: There is no mention of sanitizing or escaping the retrieved component properties or state values before they are processed by the agent.
Audit Metadata