docyrus-app-ui-design
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill directs the agent to execute
pnpm dlx shadcn@latest add, a command that downloads and runs code from remote registries to add components to the project. This pattern automatically integrates external code into the developer's local environment. - [EXTERNAL_DOWNLOADS]: The catalog includes several libraries and domains not identified as trusted vendors or well-known services, such as @diceui (diceui.com), @animate-ui, and @reui. Fetching code from these unverified third-party sources increases the supply chain risk.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by processing natural language user requirements for UI tasks. It lacks clear boundary markers or sanitization to prevent malicious user input from manipulating the component selection or installation process.
- Ingestion points: User tasks involving component selection, UI design, and dashboard creation specified in
SKILL.md. - Boundary markers: None present in the instructions to delimit user input from agent instructions.
- Capability inventory: Remote code installation via
pnpmand component integration across all referenced files. - Sanitization: No validation or sanitization of user-provided parameters before use in installation commands.
Audit Metadata