ui-styling
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): The 'references/canvas-design-system.md' file contains a 'Final Verification' section that uses a simulated user quote ('User already said...') to bypass standard agent instructions and enforce a specific 'museum-quality' output style. This is a stylistic steering technique that leverages prompt injection patterns.
- COMMAND_EXECUTION (LOW): The script 'scripts/shadcn_add.py' programmatically executes external CLI tools using subprocess.run. Although it avoids a shell environment, it allows the agent to trigger external system processes with variable arguments.
- EXTERNAL_DOWNLOADS (LOW): The skill utilizes 'npx' to download and execute the 'shadcn' package from the npm registry at runtime. While this is standard for the stack, it introduces a dependency on remote, unverified code during execution.
- PROMPT_INJECTION (LOW): The skill presents an indirect prompt injection surface.
  - Ingestion points: 'scripts/shadcn_add.py' reads 'components.json' and file stems from the 'ui' directory.
  - Boundary markers: None identified in the provided code.
  - Capability inventory: subprocess.run calls to 'npx'.
  - Sanitization: Absent. The component names are passed directly to the subprocess call as arguments without validation.
Audit Metadata