heroui-native
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill references an installation command that fetches and executes a shell script from heroui.com via piped shell execution. While this pattern bypasses traditional package manager verification, it is a documented installation method from the vendor's official domain.
- [EXTERNAL_DOWNLOADS]: Multiple JavaScript utilities in the scripts/ directory fetch library metadata, component documentation (MDX), and theme variables from the official heroui.com and native-mcp-api.heroui.com domains.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute various shell commands for project initialization, package installation (npm/npx), and documentation access.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by fetching external MDX documentation at runtime and ingesting it into the agent's context.
- Ingestion points: scripts/get_component_docs.mjs and scripts/get_docs.mjs.
- Boundary markers: No specific delimiters are implemented to isolate external content.
- Capability inventory: The agent is instructed to perform package installations and code generation based on the fetched data.
- Sanitization: Content is retrieved via fetch and logged directly to the output without validation or filtering.
Audit Metadata