tailwind
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS / REMOTE_CODE_EXECUTION (HIGH): The skill promotes the download and immediate execution of external software packages using the npx command. Since the '@tailwindcss' organization is not included in the 'Trusted External Sources' whitelist, these operations are classified as high risk.
  - Evidence:
    - `npx @tailwindcss/cli` recommended for builds in `references/build-cli-package.md`.
    - `npx @tailwindcss/upgrade` recommended for automated migration in `references/util-renamed-utilities.md`.
- PROMPT_INJECTION (HIGH): The skill contains a significant vulnerability to Indirect Prompt Injection (Category 8). It instructs the AI agent to process untrusted external content (user project files) and provides the agent with executable capabilities (npx commands), meeting the HIGH tier severity conditions.
  - Evidence Chain:
    - Ingestion points: The agent is triggered to scan and refactor user-controlled HTML, CSS, and JS files as described in `SKILL.md`.
    - Boundary markers: There are no instructions for the agent to use delimiters or ignore embedded natural language instructions within the code being refactored.
    - Capability inventory: The skill encourages the use of `npx` for CLI operations and upgrades in `references/build-cli-package.md` and `references/util-renamed-utilities.md`.
    - Sanitization: No sanitization or validation of the content within the processed files is required by the skill before performing actions based on them.
Recommendations
- AI detected serious security threats
Audit Metadata