docyrus-ui-react-components

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill frequently directs the agent to fetch content from the vendor's external domain to obtain documentation.
  • Evidence: Instructions in SKILL.md and references/hooks-catalog.md to fetch llms.txt files from https://ui.docy.app using WebFetch or curl.
  • [COMMAND_EXECUTION]: The skill provides usage patterns for the vendor's command-line interface tool.
  • Evidence: Documentation of the docyrus add command (e.g., docyrus add @docyrus/ui-data-grid) for installing components.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
  • Ingestion points: The skill explicitly instructs the agent to fetch external llms.txt documentation files from ui.docy.app and treat them as the "source of truth" before writing code.
  • Capability inventory: The agent is tasked with picking components, discovering exports, and writing implementation code based on the fetched data.
  • Boundary markers: None present. There are no instructions to ignore embedded natural language commands or delimiters within the fetched documentation files.
  • Sanitization: None present. The agent processes the raw text fetched from the external URL.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 10:18 PM
Security Audit — agent-trust-hub — docyrus-ui-react-components