Skills
NYC
skills/duc01226/easyplatform/ux-designer/Gen Agent Trust Hub

ux-designer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTION
Full Analysis
  • [Prompt Injection] (HIGH): High risk of Indirect Prompt Injection. The skill is configured to read and process external requirement documents (PBIs) to generate design specifications.
  • Ingestion points: Untrusted data enters the agent context through the Read tool when processing {pbi-file} via the /design-spec command.
  • Boundary markers: Absent. The skill does not use delimiters or provide instructions to the agent to ignore potentially malicious embedded instructions in the source requirements.
  • Capability inventory: The skill has powerful tools including Write, Edit, and WebSearch, which could be abused if the agent follows instructions hidden within a requirement file.
  • Sanitization: No sanitization, escaping, or validation of the external content is specified before the data is interpolated into the workflow.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 04:28 AM