ui-engineer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of a markdown file with instructions and no executable scripts or dependency configurations.
- [PROMPT_INJECTION] (SAFE): No markers of direct prompt injection or attempts to bypass safety filters were detected in the skill instructions.
- [INDIRECT PROMPT INJECTION] (LOW): The skill ingests untrusted PRDs or concept app data, creating a potential surface for indirect prompt injection. Evidence: 1. Ingestion points: PRDs or existing concept apps (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Generates static HTML, CSS, and JS code. 4. Sanitization: Absent.
Audit Metadata