daisyui-5
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies] (MEDIUM): The skill instructs the user to install 'daisyui@latest' from npm. Floating versions can lead to non-deterministic builds and potential ingestion of malicious updates. The 'daisyui' package organization is not listed as a trusted source in the analyzer configuration.\n- [Indirect Prompt Injection] (LOW): The skill establishes a workflow where an AI agent updates a metadata file ('daisy-meta.ts') which is then processed by a build script to generate CSS. This creates a surface where a malicious component request could influence project build outputs.\n
- Ingestion points: AI-driven updates to 'daisy-meta.ts' based on user component requests.\n
- Boundary markers: None present in the metadata file to delimit AI-generated content.\n
- Capability inventory: Filesystem write capability through the 'generate-daisy-safelist.ts' script which modifies 'src/app/styles/daisy-safelist.css'.\n
- Sanitization: No sanitization is performed on keys in 'daisy-meta.ts' before inclusion in the CSS '@source' directive.\n- [Command Execution] (SAFE): The skill provides a utility script ('scripts/generate-daisy-safelist.ts') and instructions for the user to execute it manually via npm to maintain CSS safelists. The script behavior is consistent with the skill's primary purpose.
Audit Metadata