skeleton-dev
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- External Downloads (INFO): The skill fetches index and framework-specific documentation files from https://www.skeleton.dev. This is the official domain for the framework and is considered low risk for this specific use case.
- Prompt Injection (LOW): The skill ingests external content from .txt files which creates a surface for indirect prompt injection. If the remote files were compromised, they could contain instructions to steer the agent's behavior.
  1. Ingestion points: Fetches llms.txt, llms-svelte.txt, and llms-react.txt from skeleton.dev.
  2. Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present.
  3. Capability inventory: Reads local project files (package.json) and generates or reviews UI code.
  4. Sanitization: No explicit sanitization of the fetched text is performed.
Audit Metadata