tailwindcss
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety filters were detected. The content remains strictly educational and instructional regarding CSS styling.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were found. The CSS and HTML examples use standard placeholder text.
- Obfuscation (SAFE): No Base64, zero-width characters, or encoded commands are present in the documentation or templates.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not perform any package installations or remote script executions. References to
@import 'tailwindcss'are standard for CSS development. - Privilege Escalation (SAFE): No commands requiring elevated permissions (e.g., sudo, chmod) are included.
- Persistence Mechanisms (SAFE): There are no attempts to modify system configuration files or establish scheduled tasks.
- Metadata Poisoning (SAFE): Skill metadata is descriptive and aligned with the provided content without hidden instructions.
- Indirect Prompt Injection (SAFE): The skill provides static templates and does not ingest or process untrusted external data.
- Time-Delayed / Conditional Attacks (SAFE): No logic exists to trigger behavior based on time or specific environment conditions.
- Dynamic Execution (SAFE): The skill is composed of Markdown, CSS, and HTML/TSX snippets for reference; it does not utilize eval(), exec(), or runtime code generation.
Audit Metadata