react
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No attempts to override agent behavior, bypass safety filters, or extract system prompts were detected. The instructions are strictly limited to React development patterns and performance optimization guidelines.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials (API keys, tokens) or sensitive file path references (e.g., .ssh, .aws) were found. Network operations mentioned in code examples are placeholders for standard API interactions (e.g., /api/users).
- Obfuscation (SAFE): All files consist of clear, human-readable markdown and TypeScript code. No Base64 encoding, zero-width characters, or homoglyph-based obfuscation techniques were identified.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No automated remote script execution (like curl|bash) or suspicious package installation commands were found. The skill mentions standard libraries such as Zod and Framer Motion for educational purposes and provides installation steps for the official React Compiler.
- Indirect Prompt Injection (SAFE): While the skill is intended to influence agent output, it does so within the safe and intended domain of software engineering best practices. It does not ingest or process untrusted external data in a way that could lead to control flow subversion.
Audit Metadata