react-component-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH [PROMPT_INJECTION]
Full Analysis
- [PROMPT_INJECTION] (HIGH): High-risk Indirect Prompt Injection surface detected (Category 8). The skill ingests untrusted user requirements and has the capability to write the resulting code to the filesystem.
  - Ingestion points: User-provided component names and functional requirements are interpolated into templates from the assets/ directory.
  - Boundary markers: None found; the skill does not instruct the agent to use delimiters or to disregard instructions within the user input.
  - Capability inventory: The agent is granted Write and Edit permissions, which allow the creation of potentially malicious files if the user input contains a prompt injection attack.
  - Sanitization: No validation or sanitization process is described for the user input before it is used in code generation.
Recommendations
- AI detected serious security threats
Audit Metadata