panda-css
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly vulnerable to indirect prompt injection because it retrieves instructions from external text files and applies them to its primary task of code modification.
  - Ingestion points: The skill fetches data from 'https://panda-css.com/llms.txt' and multiple section-specific sub-paths.
  - Boundary markers: The instructions contain no delimiters or warnings to ignore embedded instructions within the fetched documents.
  - Capability inventory: The skill is explicitly designed to create and edit code, providing a write-capable surface for injected instructions.
  - Sanitization: No sanitization or validation of the external content is performed before it is used to guide the agent's actions.
- External Downloads (MEDIUM): The skill downloads resources from 'panda-css.com'. While this is the official domain for the library, it is not included in the [TRUST-SCOPE-RULE] list of trusted sources, and the download is not integrity-checked.
Recommendations
- AI detected serious security threats