docyrus-ui-react-components
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill frequently directs the agent to fetch content from the vendor's external domain to obtain documentation.
- Evidence: Instructions in
SKILL.mdandreferences/hooks-catalog.mdto fetchllms.txtfiles fromhttps://ui.docy.appusingWebFetchorcurl. - [COMMAND_EXECUTION]: The skill provides usage patterns for the vendor's command-line interface tool.
- Evidence: Documentation of the
docyrus addcommand (e.g.,docyrus add @docyrus/ui-data-grid) for installing components. - [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
- Ingestion points: The skill explicitly instructs the agent to fetch external
llms.txtdocumentation files fromui.docy.appand treat them as the "source of truth" before writing code. - Capability inventory: The agent is tasked with picking components, discovering exports, and writing implementation code based on the fetched data.
- Boundary markers: None present. There are no instructions to ignore embedded natural language commands or delimiters within the fetched documentation files.
- Sanitization: None present. The agent processes the raw text fetched from the external URL.
Audit Metadata