heroui-migration
Fail
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions in
SKILL.mduse a dangerous pattern that pipes a remote script directly fromv3.heroui.cominto the bash shell (curl -fsSL https://v3.heroui.com/install | bash). This executes arbitrary code from a remote server without prior inspection. - [EXTERNAL_DOWNLOADS]: Several migration scripts (e.g.,
get_component_migration_guides.mjs,get_migration_guide.mjs) fetch MDX-formatted documentation from a staging environment hosted on Vercel (heroui-git-docs-migration-heroui.vercel.app). While Vercel is a trusted provider, fetching content from non-production staging URLs introduces risks regarding the stability and integrity of the source. - [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection (Category 8) because it retrieves documentation from external URLs and displays it as authoritative guides for the agent to follow during code migration.
- Ingestion points: MDX files fetched by the Node.js scripts in the
scripts/directory. - Boundary markers: The skill does not provide any clear delimiters or instructions for the agent to ignore embedded commands within the fetched documentation.
- Capability inventory: The agent is expected to use these guides to perform code modifications, change component APIs, and update project dependencies.
- Sanitization: The scripts do not perform any sanitization or validation of the remote content before presenting it to the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://v3.heroui.com/install - DO NOT USE without thorough review
Audit Metadata