ui-styling
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill directs the agent to execute shell commands and local Python scripts (scripts/shadcn_add.py, scripts/tailwind_config_gen.py) to configure the development environment.
- EXTERNAL_DOWNLOADS (HIGH): The skill fetches and executes code from the web using npx shadcn@latest and npm install, which are external to the trusted source list.
- Indirect Prompt Injection (HIGH): There is a significant attack surface for indirect prompt injection due to the combination of untrusted data ingestion and command execution capabilities.
  - Ingestion points: User-provided design requirements, component names, and theme parameters in SKILL.md.
  - Boundary markers: Absent; no delimiters are defined to separate user input from instructional content.
  - Capability inventory: Shell command execution via npx/npm and local file system modification via Python scripts.
  - Sanitization: None mentioned; the instructions do not specify validation or escaping for parameters passed to scripts.
Recommendations
- AI detected serious security threats
Audit Metadata