vsa-ui-enhancer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is susceptible to Indirect Prompt Injection because it processes untrusted data (local source files) and has high-privilege capabilities (Edit, Write). \n
- Ingestion points: The skill reads .razor and .cs files across the src/Application and src/Domain directories to understand the UI and business logic (as defined in input-requirements.md). \n
- Boundary markers: There are no explicit instructions or delimiters defined to separate the skill's instructions from the content of the files it processes. \n
- Capability inventory: The skill is permitted to use Edit and Write tools, enabling it to perform arbitrary modifications to the codebase. \n
- Sanitization: No sanitization or validation of the input file content is performed to prevent embedded instructions from being interpreted by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata