tailwind-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security threats or malicious patterns were detected. The skill provides static UI patterns, documentation, and boilerplate code for common web components.
- [SAFE]: Data exposure and exfiltration check: No hardcoded credentials, sensitive file access, or unauthorized network calls were found. Placeholder links in templates point to well-known social media platforms and standard API endpoints (e.g., /api/contact).
- [SAFE]: Indirect Prompt Injection analysis: While the skill provides templates for forms (e.g., contact-form.tsx) which represent a data ingestion surface, it does not include exploitable capabilities like dynamic code execution or privileged system access.
- Ingestion points: User inputs in
templates/components/contact-form.tsx(name, email, subject, message). - Boundary markers: Standard React props and state management are used; no specific prompt boundary markers are present as these are generic templates.
- Capability inventory: The skill is limited to UI rendering and local state management within React; no subprocess calls, file writes, or network operations are implemented beyond commented-out examples.
- Sanitization: The templates include basic client-side validation (e.g., regex for email) but correctly rely on the implementer for server-side security.
Audit Metadata