skills/bergside/typeui/typeui-cli/Gen Agent Trust Hub

typeui-cli

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches a JSON index and markdown files from the author's GitHub repository (bergside/awesome-design-skills) to populate local agent instructions.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute 'npx typeui.sh' and local 'node' commands to perform file operations, build the tool from source, and manage a local cache in the user's home directory (~/.typeui-sh).
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes external markdown files that act as agent instructions without sufficient isolation or validation.
      • Ingestion points: Markdown content retrieved from GitHub via the 'pull' command.
      • Boundary markers: Absent; pulled content is written directly to skill files.
      • Capability inventory: The CLI performs file writes to the project directory and local user storage.
      • Sanitization: Absent; the skill does not mention validation or filtering of the fetched instruction content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 11, 2026, 04:15 AM