skills/pedronauck/skills/tech-logos/Gen Agent Trust Hub

tech-logos

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx shadcn@latest add to download and install UI components from the @elements registry scope. This is a standard and expected workflow for modern web development using the shadcn/ui pattern.
  • [COMMAND_EXECUTION]: Executes shell commands including npx for component installation and a combination of ls and sed to list available logos from a local registry directory. These commands are utility-focused and tied to the skill's primary functionality.
  • [PROMPT_INJECTION]: The skill facilitates an indirect injection surface by interpolating user-provided company names into shell commands (e.g., npx shadcn@latest add @elements/{name}-logo). While this allows user input to flow into a command-line argument, the risk is contextualized within the agent's component management tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 02:58 AM
Security Audit — agent-trust-hub — tech-logos