polpo-ui

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill guides users to scaffold new projects and manage UI components using the npx create-polpo-app and npx @polpo-ai/ui add commands. These tools are standard CLI utilities provided by the vendor (lumea-labs) for their ecosystem.
  • [EXTERNAL_DOWNLOADS]: The instructions list several npm packages for installation, primarily under the official @polpo-ai scope, alongside well-known community libraries such as react-virtuoso and lucide-react.
  • [SAFE]: The code snippets demonstrate secure handling of sensitive data by utilizing environment variables for API keys (e.g., NEXT_PUBLIC_POLPO_API_KEY) rather than hardcoding values.
  • [SAFE]: The use of dangerouslySetInnerHTML in the theming documentation is limited to a hardcoded, benign script for theme initialization (anti-flash), which is a common and safe pattern in modern web development.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 07:58 PM