tailwind-css
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill instructs the agent to run `npx @tailwindcss/upgrade` for automated migration. This command downloads and executes external code from the npm registry at runtime. As the organization (@tailwindcss) is not included in the trusted whitelist, this is a high-risk remote code execution finding.
- EXTERNAL_DOWNLOADS (MEDIUM): The documentation references several Node.js packages (@tailwindcss/cli, @tailwindcss/postcss, @tailwindcss/vite) originating from unverified sources. Relying on these packages introduces a supply-chain risk as they are not within the defined trust scope.
Recommendations
- AI detected serious security threats
Audit Metadata