acul-screen-generator

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Auth0 CLI to perform tenant-related tasks including authentication (auth0 login), configuration retrieval (auth0 acul config list), and project initialization (auth0 acul init).
  • [EXTERNAL_DOWNLOADS]: Fetches modular component architectures and SDK usage examples from official Auth0 repositories on GitHub (github.com/auth0-samples and github.com/auth0). These downloads are sourced from the vendor's own infrastructure.
  • [DATA_EXFILTRATION]: Reads local project configuration (acul_config.json) and screen rendering settings. No network operations targeting non-whitelisted or untrusted domains were identified.
  • [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection via the analysis of user-provided design mockups and images (Phase 5). This is a standard functional requirement for the skill's design-to-code capabilities.
      • Ingestion points: User-provided images/mockups and local acul_config.json files.
      • Boundary markers: The skill uses a structured 8-phase workflow to guide the agent, but lacks explicit delimiters for image-derived content.
      • Capability inventory: File system writes (code generation), network fetching (GitHub samples), and Auth0 CLI execution.
      • Sanitization: The skill instructions include requirements for HTML escaping in generated JavaScript to mitigate XSS in the output code.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 07:59 AM