tapforce-shadcn-svelte

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The file 'rules/cli-usage.md' directs the agent to run 'pnpm dlx shadcn-svelte@latest', which executes unverified code from the npm registry at runtime.
  • [COMMAND_EXECUTION] (HIGH): The file 'rules/component-imports.md' contains a shell script using 'find' and 'sed -i' to modify multiple files. This provides an agent with the capability to perform unauthorized file system writes.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on unpinned external packages from npm, which are not within the 'Trusted Source' scope, increasing supply chain vulnerability.
  • [PROMPT_INJECTION] (HIGH): The skill establishes a high-risk surface for indirect prompt injection (Category 8) by combining the ingestion of project files with powerful shell execution and file modification capabilities without sanitization.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:00 AM