tailwind-4

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is designed to process and modify user-provided code (specifically Tailwind classes and React components), creating an attack surface where instructions embedded in the processed data could influence the agent's behavior.
      • Ingestion points: Processes code containing className, variants, and cn() utility calls.
      • Boundary markers: No specific delimiters or warnings to ignore embedded instructions in the source code are defined.
      • Capability inventory: The skill allows the agent to use powerful tools including Bash, Edit, Write, WebFetch, and Task.
      • Sanitization: No evidence of sanitization or validation of the input code is provided in the skill instructions.
  • [Excessive Permissions] (SAFE): The skill requests permission for Bash, WebFetch, WebSearch, and Task. These capabilities are not necessary for the stated primary purpose of providing Tailwind CSS styling patterns, representing a violation of the principle of least privilege.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:03 PM