polaris-web-components

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a reference for UI development, providing component properties, slots, and standard code patterns. Analysis of the instructions and examples revealed no evidence of data exfiltration, credential theft, or unauthorized command execution.
  • [PROMPT_INJECTION]: The skill instructions include a potential surface for indirect prompt injection via the ingestion of external documentation through MCP tools. This is a characteristic of skills that dynamically retrieve data to supplement their internal knowledge base.
      • Ingestion points: SKILL.md (via calls to shopify-dev-mcp -> search_docs_chunks).
      • Boundary markers: Absent; there are no specific instructions to ignore embedded prompts within the retrieved documentation chunks.
      • Capability inventory: The agent can generate web component markup and invoke validation tools via the /shopify-dev-mcp endpoint.
      • Sanitization: Absent; the skill does not specify any filtering or sanitization of the content returned by the MCP documentation search tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 05:24 PM