storybook-gen
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
NO_CODE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists exclusively of documentation and usage instructions in the `SKILL.md` file. It does not package any scripts, binaries, or configuration files for the agent to execute directly.
- [EXTERNAL_DOWNLOADS]: The instructions guide the user to use `npx ai-storybook`, which fetches the package from the NPM registry. NPM is a well-known and trusted service for JavaScript dependency management.
- [COMMAND_EXECUTION]: The documentation provides specific CLI examples (e.g., `npx ai-storybook ./src/components/Card.tsx`) meant to be executed in a developer's terminal to process local files.
- [PROMPT_INJECTION]: The skill describes a tool that processes untrusted source code (React components) to generate documentation, which represents an indirect prompt injection surface.
  - Ingestion points: Local React component files (`.tsx`) provided as arguments to the command.
  - Boundary markers: No specific delimiters or safety warnings for embedded comments are described in the documentation.
  - Capability inventory: The tool performs code analysis and file generation (writing stories to disk).
  - Sanitization: Not specified in the provided documentation.
Audit Metadata