reflex-dev
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- Command Execution (SAFE): The skill provides instructions for standard development commands like `reflex run` and `reflex init`. These are appropriate for the framework's operation and described use cases.
- External Downloads (SAFE): The skill recommends installing `reflex`, which is a well-known and legitimate Python web framework. Per [TRUST-SCOPE-RULE], these downloads are considered safe as they belong to a trustworthy ecosystem.
- Indirect Prompt Injection (LOW):
  - Ingestion points: The script `examples/file_upload.py` accepts user-uploaded files through the `rx.UploadFile` component.
  - Boundary markers: No explicit markers or instructions are provided to the agent to treat filenames or content as untrusted.
  - Capability inventory: The skill uses `open()` to write files to the local disk in the `./uploads/` directory (file: `examples/file_upload.py`).
  - Sanitization: While the code validates file extensions, it does not sanitize the `file.filename` attribute for path traversal characters (e.g., `../`), creating a theoretical vulnerability surface where a malicious filename could target sensitive paths outside the intended directory.
- Data Exposure & Exfiltration (SAFE): Investigated the automated scan alert for 'state.in'; no literal URL or malicious usage of this domain was found in the provided files. The alert likely triggered on substrings within legitimate code, such as `State.increment` or `State.items`.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata