components-build-docs

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches documentation and configuration files from external URLs, specifically components.build and Vercel's official GitHub repository (vercel-labs). These are legitimate sources for the skill's stated purpose of documenting UI component standards.
  • [COMMAND_EXECUTION]: The instructions include curl commands that the agent is expected to run to retrieve documentation at runtime. This allows the agent to fetch the most up-to-date documentation for specific component topics (slugs).
  • [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection (Category 8) because it ingests data from external websites and GitHub repositories at runtime.
      • Ingestion points: Content is retrieved via curl from https://www.components.build/llms.mdx/{slug} and https://raw.githubusercontent.com/vercel-labs/agent-skills/.
      • Boundary markers: The skill does not define specific delimiters or instructions to the agent to ignore embedded commands in the fetched data.
      • Capability inventory: The agent has the capability to perform network requests (curl) and generate responses based on that data.
      • Sanitization: There is no mention of sanitization or validation of the remote content before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 01:50 AM