tailwind-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No direct malicious code, obfuscation, or persistence mechanisms were detected.
- [EXTERNAL_DOWNLOADS]: References to external resources are limited to the official
tailwindcss.comdomain, which is a trusted source for CSS documentation. - [COMMAND_EXECUTION]: The skill references specific MCP tools for searching Tailwind documentation and utilities, which are intended and context-appropriate functionalities for the agent.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
- Ingestion points: User-provided CSS and HTML templates passed to MCP tools such as
mcp__tailwindcss__convert_css_to_tailwind. - Boundary markers: Absent; there are no instructions for the agent to use delimiters or to ignore potential instructions embedded within user input.
- Capability inventory: Includes tool calls for dynamic documentation searching, color palette retrieval, and component template generation.
- Sanitization: Absent; the skill does not define any sanitization, escaping, or validation logic for the external CSS or HTML data it processes.
Audit Metadata