tiptap
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The script
templates/minimal-tiptap-setup.shusesnpx shadcn@latest addto fetch a component registry from an untrusted GitHub user (Aslam97). This mechanism allows for the dynamic injection of third-party source code into the user's project from an unverifiable remote source.\n- Metadata Poisoning (MEDIUM): The README.md claims that theshadcn minimal-tiptapcomponent has "3.14M downloads/week". This metric is likely fabricated or highly misleading, as it exceeds the download rates of the core Tiptap library and appears designed to bolster the perceived legitimacy of an untrusted third-party source.\n- Indirect Prompt Injection (LOW):\n - Ingestion points:
templates/base-editor.tsxandtemplates/image-upload-r2.tsxingest user content and files into the editor state.\n - Boundary markers: Absent; no instructions are provided to the agent to treat input content as untrusted data.\n
- Capability inventory: The skill includes network requests (image uploads) and the generation of HTML that could influence downstream agent actions if the editor's output is re-processed.\n
- Sanitization: The templates lack any mention or implementation of HTML sanitization (e.g., DOMPurify) for the editor's output, creating a vulnerability surface if the generated HTML is rendered without escaping.\n- Command Execution (LOW): The skill includes
templates/minimal-tiptap-setup.sh, a bash script designed to modify the local development environment by installing dependencies and fetching remote configurations.
Audit Metadata