creating-styled-wrappers
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructions reference the Node.js package @tambo-ai/react-ui-base. This organization is not on the trusted sources list (e.g., Anthropic, OpenAI, Microsoft), posing a potential risk if the package contains malicious code or is subject to a supply chain attack. Users should verify the package provenance before incorporating it into projects.
- PROMPT_INJECTION (LOW): The skill instructions create an indirect prompt injection surface by directing the agent to ingest and transform user-provided source code.
  - Ingestion points: User-provided React component source code provided during refactoring tasks.
  - Boundary markers: None specified in the instructions to separate user content from system instructions.
  - Capability inventory: No executable tools, scripts, or side-effect capabilities are provided within the skill; output is limited to text and code generation.
  - Sanitization: No sanitization or filtering logic is implemented for the ingested code content.