skills/dicklesworthstone/agent_flywheel_clawdbot_skills_and_integrations/ui-ux-polish/Gen Agent Trust Hub
ui-ux-polish
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a workflow where an AI agent processes and modifies application source code, creating a surface for indirect prompt injection. 1. Ingestion points: The agent is instructed to ingest and analyze the existing codebase of a web application (SKILL.md). 2. Boundary markers: The recommended prompts do not utilize delimiters to separate instructions from the application code being processed, nor do they instruct the agent to ignore embedded instructions. 3. Capability inventory: The workflow expects the agent to perform file-writing operations to implement UI/UX improvements. 4. Sanitization: No sanitization or safety validation of the ingested code is described before processing.
- [COMMAND_EXECUTION]: The documentation includes example commands for the 'bd' (Beads) CLI tool to manage enhancement tasks. These are intended for user organization and do not represent automated execution of dangerous or malicious commands.
Audit Metadata