igniteui-angular-theming
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses imperative language in its agent instructions, such as 'MUST automatically configure' and 'Do NOT skip', to ensure the MCP server environment is properly established. This is a functional requirement for the skill's tools.
- [REMOTE_CODE_EXECUTION]: The skill specifies the use of 'npx -y igniteui-theming' to download and run the theming MCP server. This targets a vendor-owned package and is a standard delivery mechanism for MCP tools.
- [COMMAND_EXECUTION]: Setup steps involve writing configuration files to local directories such as .vscode and .cursor to enable the 'igniteui-theming' server via npx.
- [DATA_EXPOSURE]: The agent is instructed to access and modify IDE and system-level configuration files (e.g., .vscode/mcp.json, Claude Desktop config) to register the MCP server. This is restricted to configuration paths necessary for the skill.
Audit Metadata