extension-ui
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted local project files, including package.json and extension UI component source code. This creates a potential surface for indirect prompt injection where malicious instructions embedded in these files could attempt to influence the agent's behavior during analysis or code implementation phases.
  - Ingestion points: Local project configuration and source files (referenced in Step 1 and Step 2 of SKILL.md).
  - Boundary markers: No delimiters or ignore instructions are utilized to separate data from instructions.
  - Capability inventory: The skill reads local files, recommends technology stacks, and implements code improvements.
  - Sanitization: No sanitization or validation of the ingested code content is specified.
- [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing standard web development packages (e.g., Tailwind CSS and DaisyUI) from public registries.
- [REMOTE_CODE_EXECUTION]: The initialization of the shadcn/ui library via npx involves downloading and executing a remote setup script. This is the standard and expected developer workflow for this well-known and reputable library.
Audit Metadata