Skills
skills/sumik5/sumik-claude-plugin/developing-react/Gen Agent Trust Hub

developing-react

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's INSTRUCTIONS.md file recommends executing npx -y react-doctor@latest ., which fetches the react-doctor package and its dependencies from the NPM registry at runtime. It also references numerous other NPM packages for state management, testing, and UI components throughout the documentation.
  • [COMMAND_EXECUTION]: Explicit shell commands are provided for the AI agent to run diagnostics, such as npx -y react-doctor@latest .. The use of the -y flag allows the command to proceed with installation and execution automatically, bypassing manual user confirmation.
  • [REMOTE_CODE_EXECUTION]: Recommending the execution of the react-doctor tool via npx constitutes a remote code execution pattern, as it triggers the download and immediate execution of code from an external repository onto the local environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 11:14 PM