hyperui
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE] (SAFE): No malicious instructions, obfuscation, or direct prompt injections were detected in the skill content.
- [NO_CODE] (SAFE): The skill consists entirely of markdown-based documentation and does not include any executable scripts or binaries.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill recommends the installation of the standard @tailwindcss/forms package, which is an industry-recognized plugin for Tailwind CSS.
- [Indirect Prompt Injection] (LOW): The workflow instructs the agent to fetch HTML snippets from an external framework (HyperUI) via MCP tools. 1. Ingestion points: HTML content is retrieved using get_component and get_component_by_path in SKILL.md. 2. Boundary markers: No delimiters or ignore-instructions markers are specified for the retrieved content. 3. Capability inventory: This skill does not contain executable code or perform subprocess calls itself. 4. Sanitization: No explicit sanitization or validation of the fetched HTML is described.
Audit Metadata