block-inventory
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
ls -d blocks/*/to identify UI components already present in the user's project environment. This is a standard file system discovery operation for the intended purpose. - [COMMAND_EXECUTION]: The skill runs a local script
node .claude/skills/block-collection-and-party/scripts/search-block-collection-github.jsto query a pre-defined component library. This is a controlled execution of a local dependency. - [EXTERNAL_DOWNLOADS]: The skill references
adobe.aem.liveURLs to retrieve block descriptions and examples. This is an official vendor-controlled domain belonging to the skill author (Adobe) and is used for its legitimate purpose. - [PROMPT_INJECTION]: The skill proactively addresses Indirect Prompt Injection by instructing the agent to treat all fetched content as untrusted and explicitly warning against following any commands or directives embedded within that content.
Audit Metadata