refactoring-ui
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: Comprehensive analysis of the instructions and associated files confirms the skill is dedicated to educational UI design principles and lacks any malicious patterns, obfuscation, or unauthorized data access mechanisms.
- [COMMAND_EXECUTION]: The skill includes a benign local utility script,
scripts/audit_css.py, used to automate design reviews for the user. - Evidence: The script utilizes standard Python libraries (
re,pathlib) to perform read-only static analysis on CSS and HTML files. - Context: Operations are strictly limited to identifying design token violations and do not involve network exfiltration, arbitrary command execution, or sensitive file access.
- [PROMPT_INJECTION]: The skill's 'Design Review' mode processes user-provided code, which represents a potential surface for indirect prompt injection (Category 8).
- Ingestion points: UI code and designs provided by the user in
SKILL.md(Design Review mode). - Boundary markers: Absent in the provided instructional text.
- Capability inventory: Limited to read-only file system access via the provided Python audit script.
- Sanitization: No explicit sanitization or filtering of user-provided design code is performed.
- Risk Assessment: The risk is negligible as the skill lacks high-risk capabilities like network access or persistent file modification.
Audit Metadata