ui-designer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies (LOW): The REFERENCE.md file includes a workflow step to install @axe-core/cli using npm. While axe-core is a standard industry tool for accessibility auditing, unversioned package installations from external registries carry a minor risk of dependency confusion or supply chain compromise. (Severity adjusted from MEDIUM to LOW based on the skill's primary purpose).
  • Command Execution (LOW): The skill is granted permission to use Bash for creating design specifications and running auditing tools. This is a powerful capability but is restricted to the skill's stated operational scope.
  • Indirect Prompt Injection (LOW): The skill possesses a vulnerability surface for indirect prompt injection (Category 8) because it ingests untrusted data from existing design files while having access to a shell environment.
      • Ingestion points: The skill uses Glob and Grep to analyze existing design files as described in the Core Capabilities section of SKILL.md.
      • Boundary markers: Absent; no instructions are provided to the agent to treat analyzed file content as untrusted or to ignore embedded instructions.
      • Capability inventory: The agent has access to Bash, Read, Write, and Edit tools, which could be exploited if malicious instructions are encountered in data files.
      • Sanitization: No sanitization or validation of the content read from files is specified in the instruction set.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:20 PM