faion-ui-designer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill instructs the agent to perform 'Auto-Investigation' by reading local project files such as tokens.json, tailwind.config.js, and documentation in .aidocs/. While this creates an ingestion surface for untrusted data if these files are attacker-controlled, the skill itself provides only static methodologies and does not execute dynamic code based on the content of these files.
  - Ingestion points: tokens.json, tailwind.config.js, .aidocs/product_docs/, .aidocs/constitution.md.
  - Boundary markers: Absent in the methodology descriptions.
  - Capability inventory: The skill description implies file creation/modification (wireframes, prototypes, design systems) but does not include scripts to perform these actions.
  - Sanitization: Not applicable as no processing code is included.
- [No Code] (SAFE): The skill consists entirely of Markdown files. Code snippets provided in the READMEs (JSON, CSS, Swift, XML, JavaScript) are for documentation and reference purposes only and are not executed by the skill.
Audit Metadata