Skills
skills/somnio-software/somnio-ai-tools/react-best-practices/Gen Agent Trust Hub

react-best-practices

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of analyzing external codebase content.
  • Ingestion points: The skill uses Read, Grep, and Glob tools to ingest untrusted data from the user's local React components, hooks, and test files (e.g., in references/testing-quality.md).
  • Boundary markers: Absent. There are no instructions directing the agent to use delimiters or ignore instructions that may be embedded in comments, strings, or metadata within the analyzed source code.
  • Capability inventory: The skill utilizes high-privilege tools including Bash, WebFetch, Write, and Edit, which could be abused if the agent is manipulated by instructions hidden in the code it audits.
  • Sanitization: Absent. No specific validation, escaping, or filtering processes are defined for the data read from the codebase before it is processed by the agent.
  • [SAFE]: References and documentation links target the author's own official repository (somnio-software/somnio-ai-tools), which is consistent with the skill's intended purpose and provider identity.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 03:28 PM