blutui-project-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill consists of Markdown guidelines and configuration examples. No malicious code, credential harvesting, or unauthorized network activity was detected.
- [COMMAND_EXECUTION] (SAFE): The skill references the courier CLI and specific MCP tools for creating and listing project resources. These actions are within the expected scope of a development assistance skill and are necessary for its primary purpose.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill involves the agent processing project files, which presents a theoretical surface for indirect prompt injection from the user's codebase. However, this is inherent to the skill's primary purpose and no malicious use-cases were observed. Ingestion points: user-provided project files (HTML, Canvas, JSON). Boundary markers: not explicitly defined in the rule files. Capability inventory: MCP tools for resource registration. Sanitization: handled by the underlying Blutui platform logic.
Audit Metadata