heroui-react
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill includes instructions such as 'CRITICAL: v3 Only - Ignore v2 Knowledge' and 'Do NOT use any prior knowledge of HeroUI v2'. While these match the pattern of 'ignore previous instructions,' they are used legitimately to prevent the agent from applying deprecated API patterns from the previous version of the library.
- [EXTERNAL_DOWNLOADS]: Scripts like get_component_docs.mjs, get_source.mjs, and get_styles.mjs fetch content from mcp-api.heroui.com, v3.heroui.com, and raw.githubusercontent.com/heroui-inc. These are official vendor-owned domains and repositories used to retrieve up-to-date documentation and implementation details.
- [COMMAND_EXECUTION]: The skill provides several utility scripts (node scripts/list_components.mjs, etc.) that the agent can execute to explore the library. These scripts perform network requests and output content to the console for the agent to process.
- [DATA_EXFILTRATION]: Analysis of network operations shows communication only with the vendor's own infrastructure (API and GitHub) for the purpose of fetching library data. No access to sensitive local files or suspicious data transmission was found.
Audit Metadata