vite-config-react19-spa-expert
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The skill is entirely composed of markdown instructions and does not include any scripts (.py, .js, .sh), executables, or automated dependency management.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its analysis of external data. 1. Ingestion points: The skill reads contents from viteConfig, tsconfig, packageJson, and devServerLogs. 2. Boundary markers: The instructions do not specify the use of delimiters or warnings to ignore embedded instructions in the provided files. 3. Capability inventory: The skill proposes JSON-formatted file patches (filePath, before, after) to the host agent. 4. Sanitization: No sanitization, validation, or escaping of the input content is defined in the instructions.
Audit Metadata