Skills
skills/xingyu4j/skills/inspira-ui/Gen Agent Trust Hub

inspira-ui

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes shell scripts (scripts/setup-inspira.sh and scripts/verify-setup.sh) designed to automate the installation of dependencies using package managers (bun, pnpm, npm) and to verify project configuration.
  • [EXTERNAL_DOWNLOADS]: The skill references and encourages fetching content from https://inspira-ui.com/docs/llms-full.txt. This is the official source for the library's documentation and code examples.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present because the agent is instructed to ingest data from an external, untrusted source.
  • Ingestion points: SKILL.md and references/components-list.md recommend fetching documentation from https://inspira-ui.com/docs/llms-full.txt.
  • Boundary markers: No specific boundary markers or instructions to ignore embedded commands are included in the prompts that fetch this external data.
  • Capability inventory: The skill allows the use of bash, read, glob, and grep, which provides significant system access if malicious instructions are followed.
  • Sanitization: There is no evidence of content sanitization or validation before the agent processes the external documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 07:34 AM