devic-ui

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The documentation describes the use of the @devicai/ui library and its associated API (api.devic.ai). Both are confirmed resources belonging to the author 'devicai'.
  • [DATA_EXFILTRATION]: The library provides examples for tools that access browser data, including 'get_user_location' and 'get_current_page'. These functions access standard Web APIs and are documented as part of the library's functional tool-calling interface.
  • [REMOTE_CODE_EXECUTION]: Installation instructions are restricted to standard npm/yarn commands for the vendor's package. No suspicious download-and-execute patterns or piped shell commands were found.
  • [PROMPT_INJECTION]: The skill facilitates the processing of AI-generated tool calls based on user input, creating a surface for indirect prompt injection.
      1. Ingestion points: ChatDrawer component (SKILL.md).
      2. Boundary markers: Absent in implementation examples.
      3. Capability inventory: Navigation and browser data access via ModelInterfaceTools (SKILL.md).
      4. Sanitization: Absent in examples.
    This surface is characteristic of the library's intended functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 04:06 PM