tailwind
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The skill recommends executing code from untrusted remote sources. Specifically, it instructs the agent to run `npx @tailwindcss/cli` and `npx @tailwindcss/upgrade` in the `references/build-cli-package.md` and `references/build-node-version.md` files. Since the `@tailwindcss` organization is not on the whitelisted Trusted External Sources, this constitutes a download-and-execute pattern from an unverified source.
- Indirect Prompt Injection (HIGH): This skill has a high vulnerability surface for indirect injection.
  - Ingestion points: The agent is directed to read and analyze project-specific CSS, TSX, and JSX files.
  - Boundary markers: None provided in the instructions to prevent the agent from obeying instructions embedded in user-controlled code.
  - Capability inventory: The skill encourages the use of `npx` and `pnpm` shell commands, providing a bridge from data processing to system execution.
  - Sanitization: No validation or sanitization of the code being processed is mentioned.
- Command Execution (MEDIUM): The `README.md` and `references/build-cli-package.md` files encourage the use of build and validation scripts (`pnpm install`, `pnpm build`, `pnpm validate`). While standard for developers, for an autonomous agent, this grants significant control over the local environment for non-whitelisted operations.
Recommendations
- AI detected serious security threats
Audit Metadata