uiux-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): This skill is entirely descriptive and template-based. It does not include any executable scripts, shell commands, or automation logic.
- [DATA_EXPOSURE] (SAFE): The skill processes user stories from a local project file (
design/userstory.md) and outputs design specifications to the project folder. It does not access credentials, SSH keys, or other sensitive personal data. - [REMOTE_CODE_EXECUTION] (SAFE): There are no external downloads, package installations, or remote script executions identified.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from
design/userstory.md. While an attacker could theoretically embed instructions in a user story to influence the design output, the skill lacks dangerous capabilities (like network or shell access) to escalate this into a significant security threat. - Ingestion points:
design/userstory.md - Boundary markers: None explicitly defined.
- Capability inventory: File write (Markdown only).
- Sanitization: None specified.
Audit Metadata