ux-researcher-designer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes user-provided JSON data through the persona_generator.py script, which creates an attack surface where malicious instructions could be embedded in the research data.
  - Ingestion points: Data enters the agent context via the [json] argument passed to scripts/persona_generator.py.
  - Boundary markers: Absent. The skill documentation does not provide delimiters (like XML tags or triple quotes) or specific 'ignore embedded instructions' prompts for the agent when processing this data.
  - Capability inventory: The skill executes a local Python script to perform analysis and synthesis; while the script source is not provided for review, the stated capability involves processing external input into generated design artifacts.
  - Sanitization: Absent. No mention of input validation, schema enforcement, or data escaping is present in the skill definition.
Audit Metadata