Skills
skills/yonatangross/orchestkit/form-state-patterns/Gen Agent Trust Hub

form-state-patterns

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill uses active shell execution to dynamically generate content based on the local environment.
  • Evidence: Multiple instances of shell commands in scripts/create-form.md using the ! prefix, such as !grep -r "react-hook-form\|formik" package.json and !find . -name "*form*.tsx".
  • Risk: This capability allows the agent to inspect the directory structure and read file contents (like package.json). If the shell execution environment is not properly sandboxed, it could be abused.
  • [DATA_EXPOSURE] (LOW): The skill explicitly reads the contents of package.json to identify installed libraries.
  • Evidence: grep commands targeting package.json to extract library names.
  • [PROMPT_INJECTION] (LOW): User-provided arguments are interpolated directly into the output code template.
  • Evidence: export function $ARGUMENTS() and /** $ARGUMENTS Form */.
  • Risk: While the arguments are not passed to the shell commands in this specific skill, malicious input could be used to generate broken or deceptive React components.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 12:38 AM