Skills
skills/yigitkonur/skills-by-yigitkonur/build-daisyui-mcp/Gen Agent Trust Hub

build-daisyui-mcp

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill establishes workflows for processing external content from Figma URLs and image screenshots to generate UI code. This creates an attack surface for indirect prompt injection where malicious instructions could be embedded within the design data or image metadata to influence the agent's output.
  • Ingestion points: SKILL.md (Workflow — Figma to daisyUI, Workflow — screenshot or mockup to daisyUI).
  • Boundary markers: Absent; the skill does not instruct the agent to use delimiters or specific warnings to ignore instructions found within the design data.
  • Capability inventory: The agent has the capability to write code files and call external MCP tools (daisyui-blueprint-daisyUI-Snippets, daisyui-blueprint-Figma-to-daisyUI).
  • Sanitization: Absent; there are no instructions for sanitizing or escaping the data retrieved from external design sources.
  • [EXTERNAL_DOWNLOADS]: The documentation provides standard setup instructions for installing development dependencies such as tailwindcss and daisyui, as well as the daisyui-blueprint MCP server from the npm registry. These are well-known and legitimate resources necessary for the skill's functionality.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 05:56 AM