component-gallery
Fail
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The scripts/ingest.py script fetches UI component documentation and deep-dive analysis files from a public GitHub repository (github.com/inbn/component-gallery) and crawls component.gallery using an external service. These downloads target well-known and appropriate sources for the skill's stated purpose.
- [COMMAND_EXECUTION]: The skill uses subprocess.run in scripts/ingest.py and scripts/query.py to execute external CLI tools including firecrawl (for web crawling), rlama (for retrieval-augmented generation tasks), and a local retrieval script. These operations are core to the skill's functionality for building and querying a local search index.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it ingests and processes untrusted data from the web.
  - Ingestion points: scripts/ingest.py (crawls external web pages and fetches markdown files from GitHub).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the indexing logic.
  - Capability inventory: The skill possesses command execution capabilities through subprocess.run calls in scripts/ingest.py and scripts/query.py.
  - Sanitization: No validation or sanitization of the downloaded content is performed before it is indexed and subsequently presented to the agent for synthesis.
Recommendations
- HIGH: Downloads and executes remote code from: unknown (check file) - DO NOT USE without thorough review
Audit Metadata