react-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or reveal system prompts were detected.
- [Data Exposure & Exfiltration] (SAFE): The skill does not attempt to access sensitive system files (e.g., SSH keys, credentials) or perform unauthorized network requests.
- [Remote Code Execution] (SAFE): There are no patterns involving the download or execution of remote scripts (e.g., curl|bash).
- [Command Execution] (SAFE): The provided grep commands are used exclusively for searching local reference documentation and do not pose a security risk.
- [Indirect Prompt Injection] (SAFE): While the skill interacts with a local references directory, the data ingestion surface is limited to technical performance guidelines and does not incorporate untrusted external input.
Audit Metadata