panel-custom-components
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users on how to load JavaScript libraries from well-known Content Delivery Networks (CDNs) including esm.sh, unpkg.com, and cdn.jsdelivr.net. These are standard practices for the described development tasks.
- [COMMAND_EXECUTION]: The documentation includes instructions for using development and testing tools such as 'panel compile', 'pytest', and 'playwright'. These commands are expected within the context of UI development and automated testing.
- [DYNAMIC_EXECUTION]: The skill demonstrates the intended use of Panel's custom component framework, which involves executing JavaScript code defined in Python strings (_esm). It also includes a monkey-patching workaround for MaterialUIComponent that uses 're.sub' to modify code at runtime to fix a known framework issue (referenced as panel-material-ui issue #563).
- [INDIRECT_PROMPT_INJECTION]: The skill provides templates for components that ingest external data (e.g., 'ValidatedInput', 'TextInput'). It includes an example of a validation pattern ('_validate' method) to sanitize inputs, though the ultimate safety depends on the user's final implementation.
Audit Metadata