ui-validator

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to ensure the local development environment is ready for testing.
      • Evidence: Uses Test-NetConnection (on Windows) or lsof (on POSIX) to check if the local server on port 3000 is active.
      • Evidence: Invokes pnpm dev with isBackground: true to start the development server if the port is not responsive.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes content from local web pages during validation.
      • Ingestion points: Data enters the agent's context through browser_navigate, take_snapshot (accessibility tree), and evaluate_script (CSS styles).
      • Boundary markers: No specific delimiters or warnings are used to distinguish between system instructions and content retrieved from the web page.
      • Capability inventory: The agent has the ability to execute shell commands and perform arbitrary browser interactions.
      • Sanitization: No explicit sanitization or filtering of the page content is performed before the agent analyzes it for UI compliance.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 28, 2026, 01:44 PM