developing-preact

Fail

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/vendor.sh script fetches ESM modules from the official npm registry (registry.npmjs.org). It retrieves package metadata and downloads tarballs to extract specific library files for local use.
  • [COMMAND_EXECUTION]: The skill instructs the agent to run several shell commands, including bash scripts/vendor.sh for dependency management and npx tailwindcss for compiling styles. Additionally, SKILL.md contains a Python-based testing suite that executes within a container to verify the application's state.
  • [PROMPT_INJECTION]: The skill implements features for ingesting and parsing untrusted external data (CSV/JSON), creating a surface for indirect prompt injection where malicious data could influence the agent's logic.
    • Ingestion points: parseCSV and CSVUploader in assets/component-patterns.md, and data parsing examples in SKILL.md.
    • Boundary markers: The provided code snippets do not include explicit delimiters or instructions to ignore instructions embedded within the data files.
    • Capability inventory: The skill can execute shell commands (bash, npx) and perform network operations via the fetch API.
    • Sanitization: While references/architecture-patterns.md documents best practices for XSS prevention, the data parsing utilities themselves do not implement active sanitization or validation of the input content.
Recommendations
  • HIGH: Downloads and executes remote code from: https://registry.npmjs.org/${pkg}/${ver} - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 18, 2026, 05:58 AM