nativewind-and-tailwind-css-compatibility
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill mandates the execution of shell commands. Specifically, the 'Memory Protocol' in SKILL.md requires the agent to run 'cat .claude/context/memory/learnings.md'. Additionally, the skill includes instructions for managing packages using 'npm remove' and 'npm install'.
- [EXTERNAL_DOWNLOADS]: The skill fetches specific versions of 'nativewind' and 'tailwindcss' from the npm registry as part of its setup instructions. These are well-known packages used for their intended purpose.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of local workspace files.
- Ingestion points: Files .claude/context/memory/learnings.md and package.json are read into the agent context.
- Boundary markers: Not present; the skill lacks specific delimiters or instructions to ignore potential commands within ingested files.
- Capability inventory: The skill utilizes Read, Write, and Edit tools, and performs subprocess calls for shell commands (cat, npm).
- Sanitization: Not present; content from ingested files is processed without validation or filtering.
Audit Metadata