rive-react
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill instructs users to install standard NPM packages from a reputable source (@rive-app/react-canvas and @rive-app/react-webgl). These are required for the skill's stated purpose of rendering Rive animations.
- [COMMAND_EXECUTION] (SAFE): Includes routine installation commands (
npm install) which are expected for a development-focused skill. No dangerous or unauthorized shell commands were identified. - [DATA_EXFILTRATION] (SAFE): No patterns of sensitive file access (e.g., SSH keys, credentials) or unauthorized network requests to non-whitelisted domains were found.
- [PROMPT_INJECTION] (SAFE): The instructions are purely technical and do not attempt to bypass safety filters or override the AI agent's core instructions.
- [INDIRECT_PROMPT_INJECTION] (LOW): While the skill involves loading external .riv files, this is the primary function of the integration. No evidence of malicious interpolation or lack of sanitization in the provided examples was detected.
Audit Metadata