tailwind-css
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to bypass safety filters or override agent behavior were found.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive system files, environment variables, or hardcoded credentials. No unauthorized network requests are present.
- [Obfuscation] (SAFE): No use of Base64, zero-width characters, or homoglyphs to hide malicious intent.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The installation instructions reference standard, well-known packages from the npm registry (
tailwindcss,postcss,@tailwindcss/vite). There is no execution of remote scripts via piped commands. - [Privilege Escalation] (SAFE): No usage of
sudo,chmod, or other commands designed to elevate system privileges. - [Persistence Mechanisms] (SAFE): The skill does not attempt to modify shell profiles or create scheduled tasks for persistence.
- [Indirect Prompt Injection] (LOW): The skill provides a surface for processing user-defined CSS and configuration, which is standard for a development tool. It does not include exploitable logic that would facilitate an attack via processed data.
Audit Metadata