workos-authkit-react-router
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches latest documentation and implementation guidelines from the official WorkOS GitHub repository (workos/authkit-react-router). This is used as the primary reference for code patterns.
- [COMMAND_EXECUTION]: Uses local shell commands such as grep and npm run build to detect project configuration and verify successful integration during the verification phase.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection because the skill treats external README content as the 'source of truth' for logic and code patterns without explicit sanitization.
- Ingestion points: Remote documentation fetched via WebFetch from https://github.com/workos/authkit-react-router/blob/main/README.md.
- Boundary markers: Absent. No delimiters or instructions are provided to the agent to disregard potential instructions within the external content.
- Capability inventory: Includes local file system checks, grep searches, and execution of build scripts (npm run build).
- Sanitization: Absent. The skill follows the README instructions directly based on the detected mode.
Audit Metadata