Skills
skills/ant-design/antd-skill/antd/Gen Agent Trust Hub

antd

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill initiates the installation of the @ant-design/cli package from the public npm registry if it is not already present. This package is an official tool provided by the 'ant-design' organization for managing component metadata and project analysis.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute antd CLI commands. These operations are scoped to documentation queries (info, doc), project analysis (usage, doctor), and code linting (lint). The execution is restricted via the allowed-tools metadata field.
  • [DATA_EXFILTRATION]: The skill contains functionality to report bugs using the antd bug and antd bug-cli commands. This involves sending user-provided descriptions and reproduction steps to an external endpoint. The instructions enforce a safety protocol requiring the agent to preview the report and obtain explicit user confirmation before the final submission.
  • [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection by reading and analyzing untrusted project data through antd usage and antd lint.
  • Ingestion points: Local source files in ./src (read via antd usage and antd lint).
  • Boundary markers: None explicitly defined in the prompt instructions.
  • Capability inventory: Shell command execution via Bash tool.
  • Sanitization: Not specified within the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 03:19 AM