skills/egorfedorov/slot-casino-game-developer-skills-for-stake-engine/ui-slot-ux-designer/Gen Agent Trust Hub
ui-slot-ux-designer
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script
scripts/validate_slot_ux_spec.pyto validate JSON-based UX specifications. This is the primary function of the skill and is implemented using standard local execution.\n- [PROMPT_INJECTION]: There is a potential surface for indirect prompt injection through the processing of untrusted input data.\n - Ingestion points: The
validate_slot_ux_spec.pyscript reads an external JSON specification file provided by the user via the--inputflag.\n - Boundary markers: The instructions do not define clear delimiters or include warnings for the agent to disregard natural language instructions that might be present in the data fields of the JSON file.\n
- Capability inventory: The skill has the capability to read files and generate structured patch plans and UX maps based on input content.\n
- Sanitization: While the script validates the JSON schema and data types, it does not sanitize string fields for potential natural language instructions.
Audit Metadata