tinacms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW): The skill handles content from external Markdown and MDX files, which serves as a potential vector for indirect instructions. Evidence Chain: 1. Ingestion points: Markdown, MDX, and JSON files; 2. Boundary markers: Absent in documentation; 3. Capability inventory: Shell script execution (init-nextjs.sh, etc.) and npx commands; 4. Sanitization: None mentioned for external content.
- External Downloads (SAFE): Documentation suggests using standard npx and npm commands for official packages such as tinacms and create-next-app, which are established tools in the web development ecosystem.
Audit Metadata