ui-styling
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to indirect prompt injection (Category 8). It ingests untrusted design requests and emits executable React components and styling, with no sanitization logic or boundary markers separating instructions from data. An attacker who controls any part of a design request can therefore embed instructions that cause the generated UI code to carry XSS payloads or data-exfiltration scripts. The risk is high because the skill can write these components directly to the filesystem, so injected code lands in the project as soon as it is generated.
- [COMMAND_EXECUTION] (MEDIUM): The `scripts/shadcn_add.py` script uses `subprocess.run` to call the `npx shadcn` CLI. It passes user-provided component names as arguments without validation, so a name beginning with `-` (for example `--help`) is parsed by the CLI as a flag rather than a component (flag injection). The absence of `scripts/tailwind_config_gen.py`, which the metadata references, further limits the ability to verify the safety of the skill's automation layer.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill's workflow downloads and executes code from the npm registry via `npx`. This unverified external dependency is a supply-chain risk: the integrity of the remote code is not guaranteed and the source is not on the trusted organization list.
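The flag-injection finding above is easiest to see in code. The block below is an added example written for this audit page, not the skill's own `scripts/shadcn_add.py`: it places the audited pattern (user input appended to argv as-is) beside a hardened form that allowlists the component name and terminates option parsing with `--`. The allowlist pattern is an assumption about what names the CLI accepts, and honouring `--` is an assumption about the CLI's option parser; the allowlist is the primary control and holds even if `--` were ignored. The `runner` parameter is a constructed seam so the logic can be exercised without contacting npm.

```python
import re
import subprocess

# Added example, not the audited scripts/shadcn_add.py. The pattern is an
# assumption: component names are taken to be lowercase, hyphenated
# identifiers such as "button" or "alert-dialog".
COMPONENT_NAME = re.compile(r"[a-z][a-z0-9-]{0,63}")


def build_argv_unvalidated(component: str) -> list[str]:
    """The audited pattern: the user-supplied name is appended as-is.

    A name such as "--help" is therefore parsed by the CLI as a flag,
    not as a component (flag injection). No shell is involved, so this
    is argument smuggling into the CLI, not shell command injection.
    """
    return ["npx", "shadcn", "add", component]


def is_safe_component_name(component: str) -> bool:
    """Allowlist check: only plausible component identifiers pass.
    Anything starting with "-", containing spaces, ";" or "/" is rejected."""
    return COMPONENT_NAME.fullmatch(component) is not None


def build_argv_validated(component: str) -> list[str]:
    """Hardened form: reject anything outside the allowlist, then place
    the name after "--" so the option parser stops reading flags.
    Honouring "--" is an assumption about the CLI (defence in depth);
    the allowlist alone already prevents a leading "-"."""
    if not is_safe_component_name(component):
        raise ValueError(f"refusing component name: {component!r}")
    return ["npx", "shadcn", "add", "--", component]


def add_component(component: str, runner=subprocess.run):
    """Run the hardened command. `runner` is injectable (constructed seam)
    so the argv logic can be checked without touching npm; shell=False
    keeps argv literal so no shell metacharacters are interpreted."""
    argv = build_argv_validated(component)
    return runner(argv, check=True, shell=False)


if __name__ == "__main__":
    # Constructed inputs: one benign name, one flag, one shell-style payload.
    for name in ["button", "--help", "button;rm -rf /"]:
        print("unvalidated:", build_argv_unvalidated(name))
        try:
            print("validated:  ", build_argv_validated(name))
        except ValueError as exc:
            print("validated:  ", exc)
```

The example addresses only the argument-handling finding; the registry download risk noted under EXTERNAL_DOWNLOADS is separate and is normally narrowed by pinning an exact package version in the `npx` invocation rather than resolving whatever the registry serves at run time.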
Recommendations
- AI detected serious security threats
Audit Metadata