Skills
skills/yigitkonur/skills-by-yigitkonur/build-daisyui-mcp/Gen Agent Trust Hub

build-daisyui-mcp

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's setup guides include instructions to download and install official libraries such as tailwindcss and daisyui from the standard npm registry.
  • [COMMAND_EXECUTION]: Instructions include the use of npm install and npx to setup the environment and run the daisyui-blueprint MCP server, which is a resource provided by the skill's author.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of data from external Figma URLs and UI screenshots to generate markup. This represents a potential surface for indirect prompt injection.
  • Ingestion points: Figma design URLs and visual analysis of screenshots.
  • Boundary markers: No explicit delimiters or 'ignore' instructions are present in the conversion prompts to isolate external content.
  • Capability inventory: The skill uses MCP tools to retrieve HTML snippets and performs local code assembly based on the provided design structure.
  • Sanitization: There is no evidence of sanitization for text content or instructions that might be embedded in the design metadata.
  • This surface is inherent to the skill's primary utility as a design-to-code tool and does not constitute a malicious finding.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 10:21 AM