react-component-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill defines an attack surface for indirect prompt injection as it interpolates user-provided descriptions into generated code and utilizes file system tools. (1) Ingestion points: User prompts in SKILL.md (e.g., "Create a user login form component"). (2) Boundary markers: Absent. No instructions are provided to the agent to ignore instructions embedded within the user's component description. (3) Capability inventory: Uses Read, Write, Edit, Glob, and Grep tools which allow modifying the local file system. (4) Sanitization: Absent. The skill does not describe any validation or sanitization of the user input before it is used in the Write tool.
Audit Metadata