ui-development

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The file rules/use-ui-registry.md instructs the agent to install components using bunx @fumadocs/cli add --dir https://redpanda-ui-registry.netlify.app/r. This downloads code from an external, untrusted domain that is not part of the trusted sources whitelist.
  • [REMOTE_CODE_EXECUTION] (HIGH): The automated installation of remote code via bunx (similar to npx) allows for the execution of unverified scripts on the local system. The skill specifically combines this with piped 'yes' input to eliminate manual verification.
  • [COMMAND_EXECUTION] (HIGH): The command yes | bunx @fumadocs/cli add is used to force-install packages, bypassing human-in-the-loop safety checks. This pattern is often used in malicious scripts to silently deploy payloads.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill defines a workflow involving MCP tools (mcp__redpanda-ui__get_component) that fetch content from an external registry.
  • Ingestion points: SKILL.md, rules/use-ui-registry.md.
  • Boundary markers: Absent; no instructions exist to ignore malicious commands embedded in fetched UI documentation.
  • Capability inventory: Shell execution (ls, bunx), file modification through the CLI tool.
  • Sanitization: Absent; the skill blindly trusts the output of the registry documentation tools.
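The three HIGH findings above all come from one command line, and the same pattern (an auto-confirm such as yes piped into a package runner that fetches from an unlisted host) is what an auditor looks for in any skill file. The scanner below is an added example written for this page, not code from Gen Agent Trust Hub or from the ui-development skill; the sample rule text is constructed to mirror the quoted command, the allowlist of trusted hosts is assumed, and the category names match the report's own labels.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the command quoted in the audit; it is not the
# actual contents of the skill's rules/use-ui-registry.md.
SAMPLE_RULE = (
    "# rules/use-ui-registry.md (constructed sample)\n"
    "To add a component, run:\n"
    "yes | bunx @fumadocs/cli add --dir https://redpanda-ui-registry.netlify.app/r button\n"
    "Then inspect the result with ls components/\n"
)

# Assumed allowlist; a real deployment would load this from policy.
TRUSTED_HOSTS = {"registry.npmjs.org", "github.com"}

# Package runners that download and execute code that is not in the repository.
RUNNERS = ("npx", "bunx", "pnpm dlx", "yarn dlx")

# Commands that feed automatic confirmation into whatever follows the pipe.
AUTO_CONFIRM = re.compile(r"^(yes\b|echo\s+['\"]?y|printf\s+['\"]?y)")

URL_RE = re.compile(r"https?://[^\s\"'<>)]+")


def scan_skill_text(text, trusted_hosts=TRUSTED_HOSTS):
    """Return (category, severity, line_no, detail) for every suspicious line."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()

        # EXTERNAL_DOWNLOADS: any URL whose host is not on the allowlist.
        for url in URL_RE.findall(line):
            host = urlparse(url).hostname
            if host and host not in trusted_hosts:
                findings.append(("EXTERNAL_DOWNLOADS", "HIGH", line_no, host))

        # Split the pipeline so we can see what is piped into the runner.
        segments = [s.strip() for s in line.split("|")]
        runner_idx = [i for i, s in enumerate(segments) if s.startswith(RUNNERS)]
        if not runner_idx:
            continue
        first = runner_idx[0]

        # REMOTE_CODE_EXECUTION: a runner fetches and executes a remote package.
        findings.append(("REMOTE_CODE_EXECUTION", "HIGH", line_no,
                         segments[first].split()[0]))

        # COMMAND_EXECUTION: the runner's prompts are auto-confirmed, either by an
        # upstream `yes`/`echo y` or by a --yes/-y flag on the runner itself.
        piped_confirm = any(AUTO_CONFIRM.match(s) for s in segments[:first])
        flag_confirm = re.search(r"(^|\s)(--yes|-y)(\s|$)", segments[first]) is not None
        if piped_confirm or flag_confirm:
            findings.append(("COMMAND_EXECUTION", "HIGH", line_no,
                             "prompt auto-confirmed"))
    return findings


def risk_level(findings):
    """Overall level is HIGH as soon as any HIGH finding exists."""
    return "HIGH" if any(f[1] == "HIGH" for f in findings) else "LOW"


if __name__ == "__main__":
    results = scan_skill_text(SAMPLE_RULE)
    for category, severity, line_no, detail in results:
        print(f"[{category}] ({severity}) line {line_no}: {detail}")
    print("Risk Level:", risk_level(results))
```

Run against SKILL.md and every file under rules/; a line that trips both REMOTE_CODE_EXECUTION and COMMAND_EXECUTION is exactly the case the audit describes, since the human confirmation step is the only review the downloaded code would otherwise get.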
Recommendations
  • AI detected serious security threats. Following directly from the findings above: remove the yes | prefix so a human confirms each component install rather than having prompts auto-answered; restrict --dir to a registry on the trusted sources whitelist, or fetch the component code and review it before it is written into the project; and add explicit instructions that content returned by mcp__redpanda-ui__get_component is documentation to be read, not commands to be executed.
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 19, 2026, 12:02 AM