product-ui-prototyping
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses an optional 'experience-story.md' file as an upstream source for defining UI screens, actions, and transitions, which introduces an indirect prompt injection surface.
- Ingestion points: The file 'ui-prototypes//experience-story.md' is read to guide the workflow.
- Boundary markers: There are no instructions provided to the agent to treat the contents of the story file as untrusted or to use delimiters to separate data from instructions.
- Capability inventory: The skill possesses the capability to write multiple file types (JSON, MD, HTML) to the local filesystem and execute image generation and editing tools.
- Sanitization: No validation or sanitization logic is present to filter malicious instructions embedded in the story content.
Audit Metadata