hyva-ui-component
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): Detected an Indirect Prompt Injection surface (Category 8).
  - Ingestion points: The skill reads documentation files at `{hyva_ui_path}/components/{component}/{variant}/README.md` to extract configuration and dependency data.
  - Boundary markers: No explicit delimiters or safety warnings are used when interpolating content from these READMEs into automated actions.
  - Capability inventory: The skill performs file writes (`cp -r`), XML configuration merging (`etc/view.xml`), and package installations (`composer require`).
  - Sanitization: The skill lacks sanitization when parsing XML blocks and dependency names from the README files. If a vendor package is compromised, it could influence the agent to install malicious packages or inject unsafe XML structures.
- Command Execution (SAFE): The skill utilizes standard shell commands (`cp`, `ls`, `find`) and a provided bash script (`refresh_catalog.sh`) to manage local development files. These operations are consistent with the intended purpose of managing a Magento theme.
- External Downloads (SAFE): The skill references official Hyva download URLs and uses standard Magento package management (`composer`). No downloads from untrusted sources or risky paste sites were detected.
- Metadata Poisoning (SAFE): The skill description and metadata accurately reflect its functionality without deceptive instructions.
Audit Metadata