build-component-ui
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `schema-tester/component_schema_tester.py` performs dynamic code loading by using `importlib.util` to import a `Component` class from a filesystem path provided in API requests. Additionally, `playwright-setup/install.sh` modifies the local Claude Desktop configuration file to register a new persistent tool server.
- [REMOTE_CODE_EXECUTION]: The `playwright-setup/install.sh` script executes `npx -y @executeautomation/mcp-playwright`, which downloads and runs code from an unverified third-party NPM package.
- [EXTERNAL_DOWNLOADS]: The `schema-tester/component_schema_tester.py` tool serves a web interface that fetches multiple dependencies including jQuery, Select2, and JSON Editor from `cdn.jsdelivr.net`. The `playwright-setup/install.sh` script also triggers browser binary downloads via `npx`.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface in `schema-tester/component_schema_tester.py` because it ingests untrusted JSON data via its API, which is then used to influence dynamic code execution on the local filesystem. This surface lacks explicit boundary markers or input sanitization.
Audit Metadata