claude-ui
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill documents the implementation of a chat interface and an 'Artifact' preview system using iframes. This architecture creates an indirect prompt injection surface where the agent might be influenced by malicious instructions embedded in the data it renders or processes.
- Ingestion points: The UI is designed to render assistant messages (AssistantMessage in references/components/messages.md) and external content within an iframe (Artifact panel in references/pages/artifacts.md).
- Boundary markers: No explicit delimiter or 'ignore' instructions are provided in the documented UI code snippets.
- Capability inventory: The skill describes a system for rendering content; if an agent uses this UI to display untrusted external data, it could be vulnerable to instructions hidden within that data.
- Sanitization: The documentation does not detail any sanitization, escaping, or validation logic for the content being rendered.
- [EXTERNAL_DOWNLOADS]: The documentation recommends adding the 'cross-env' package to the project's dependencies to manage environment variables across different operating systems during development.
- Package: 'cross-env' is suggested as a dependency in references/design-tokens.md for the development script.
Audit Metadata