tapforce-ai-component
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill contains a directive labeled "CRITICAL" that requires the agent to fetch and read an external file (llms.txt) before proceeding. This pattern forces the ingestion of untrusted data into the agent's context, which is a classic Indirect Prompt Injection surface.
- Ingestion points: SKILL.md instructions mandate fetching from https://svelte-ai-elements.vercel.app/ai-elements/llms.txt.
- Boundary markers: Absent. The instructions do not specify any delimiters or warnings to treat the fetched text as untrusted.
- Capability inventory: The agent uses the fetched data to generate Svelte code and UI components.
- Sanitization: Absent. No verification or escaping of the remote content is required or mentioned.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references external documentation and a data file on a non-whitelisted third-party domain (vercel.app). While these are likely legitimate developer resources, fetching content from non-trusted domains is a minor concern for agents acting on that data.
Audit Metadata