ux-spec-to-prompts

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Prompt Injection] (SAFE): No malicious instructions or bypass patterns detected in the prompt logic.
  • [Data Exposure & Exfiltration] (SAFE): No access to sensitive file paths, environment variables, or hardcoded credentials detected.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not install any packages or download/execute remote code.
  • [Indirect Prompt Injection] (SAFE): The skill is designed to process untrusted UX specifications, which presents a surface for indirect injection. However, the risk is negligible as the skill lacks any capabilities (file-write, network, or command execution) to act on malicious instructions embedded in the specs.
      • Ingestion points: UX Specifications, PRDs, and feature docs provided by the user in the prompt context.
      • Boundary markers: Uses structured templates and section headers, but lacks explicit 'ignore instructions' delimiters for the ingested spec.
      • Capability inventory: None; the skill's functionality is limited to text generation.
      • Sanitization: No input sanitization is performed on the provided documentation content.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:42 PM