ui-designer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): Step 5 of the workflow executes a shell command, `find . -name "package.json" -exec grep -l "react" {} \;`, to verify the presence of a React project. This is a discovery-only operation.
- [PROMPT_INJECTION] (LOW): The skill interpolates untrusted user data from a project idea file into system templates via the `{项目背景}` placeholder, creating an indirect prompt injection surface.
  1. Ingestion points: project idea file content and UI reference images.
  2. Boundary markers: uses XML-style tags such as `<context>` for structure, but lacks explicit "ignore embedded instructions" delimiters.
  3. Capability inventory: includes file system read/write access and shell command execution for environment checking.
  4. Sanitization: no input sanitization or validation is performed on the user-provided text strings before interpolation.
Audit Metadata