validation-helper

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill is designed to analyze and modify external React component files, which are untrusted data sources.
      • Ingestion points: Component source code accessed via Read, Grep, and Glob tools.
      • Boundary markers: The skill lacks explicit instructions to the agent to treat code comments or metadata as non-instructional, increasing the risk of the agent obeying embedded commands.
      • Capability inventory: The skill possesses Write and Edit permissions, allowing it to commit changes to the local filesystem based on processed input.
      • Sanitization: There is no evidence of content sanitization or validation before processing external code.
  • [COMMAND_EXECUTION] (LOW): While the skill uses standard tools like Grep and Glob, these are used within the context of code analysis and do not currently point to arbitrary shell execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 08:00 AM