heroui-react
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides an installation command that downloads a script from the vendor's official domain (heroui.com) and executes it via bash. This is a standard installation pattern for this vendor.
- [EXTERNAL_DOWNLOADS]: Utility scripts in the
scripts/directory fetch component documentation, source code, and styling information from vendor-managed endpoints including mcp-api.heroui.com, heroui.com, and official GitHub repositories. - [COMMAND_EXECUTION]: Instructs the agent to execute local JavaScript files using Node.js to manage documentation and component retrieval tasks.
- [DATA_EXFILTRATION]: No instances of unauthorized data access or exfiltration were detected. All network operations are directed towards well-known vendor infrastructure and public repositories.
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it ingests data from remote sources.
- Ingestion points: Documentation and source code are fetched from heroui.com and GitHub in
scripts/get_component_docs.mjs,scripts/get_docs.mjs, andscripts/get_source.mjs. - Boundary markers: Absent; fetched content is displayed directly to the agent without delimiters.
- Capability inventory: The skill provides commands for local script execution and installation tasks.
- Sanitization: No evidence of content sanitization or validation before the fetched data is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://heroui.com/install - DO NOT USE without thorough review
Audit Metadata