shadcn-vite-iconify-landing-page

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Multiple utility scripts execute shell commands via subprocess.run (Python) or directly in Bash to perform git operations, run linters, and capture debug information.
      • Evidence: codex-sandbox/scripts/codex_sandbox.py, gh-repo-bootstrap/scripts/gh_repo_bootstrap.py, debug-lldb/scripts/collect_stacks.sh, pr-commiter/scripts/pr-commiter.sh.
  • [EXTERNAL_DOWNLOADS]: Skills fetch project templates, gitignore patterns, and license files from external repositories and the GitHub API.
      • Evidence: create-new-static-website uses npx gitpick for the instructa/astro-website-starter repo.
      • Evidence: gh-repo-bootstrap fetches templates via the gh api.
  • [PROMPT_INJECTION]: Several skills have a surface for indirect prompt injection because they process untrusted data from the user's repository (such as documentation, ADRs, source code, and logs) to inform their actions.
      • Ingestion points: architecture-ownership, find-duplicate-ownership, and root-cause-finder read repository documentation and code files.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when reading external content.
      • Capability inventory: The skills can perform git commits, write files, and attach to live processes (lldb/gdb).
      • Sanitization: Input validation exists for user-provided parameters (e.g., repo names), but no specific sanitization is applied to content read from the file system.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 18, 2026, 05:35 AM