tailwind
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill operates on composition HTML files, which serve as a primary ingestion point for untrusted external data. While it provides specific rules for styling and layout, it lacks explicit boundary markers or 'ignore' instructions to prevent the agent from accidentally following malicious prompts that might be embedded in the HTML content. This creates a surface for indirect prompt injection, especially as the skill enables capabilities like executing local CLI tools (`npx hyperframes`) to lint, validate, or render the project based on the processed HTML.
- [EXTERNAL_DOWNLOADS]: The skill references the `@tailwindcss/browser` package and specifies the use of `npx` to execute the `hyperframes` CLI toolset. These are standard dependencies and official tools associated with the skill's intended purpose for modern web and video composition development.
Audit Metadata