ui-social-feed-shell
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill defines a standard user interface shell for a Next.js application. It uses local development tools like bun and ripgrep for validation, which is consistent with its stated purpose and development best practices.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of external social feed data through a source adapter, which constitutes an indirect prompt injection surface (Category 8).
  - Ingestion points: Untrusted data enters the agent context through the `FEED_SOURCE_ADAPTER` and is rendered in the timeline components.
  - Boundary markers: The skill does not implement delimiters or instructions to ignore potential commands embedded in the feed data.
  - Capability inventory: The skill's operational footprint is limited to generating UI code and performing local shell-based file existence and content checks; it lacks network access or dynamic execution capabilities.
  - Sanitization: No explicit content sanitization or escaping logic is provided in the template code snippets.
Audit Metadata