ui-mockup
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill provides bash commands for file management, version control, and build automation using CMake. These operations are essential for its purpose as a development tool and are restricted to the local project environment. Evidence:
assets/integration-checklist-template.md. - [PROMPT_INJECTION] (LOW): An indirect prompt injection surface (Category 8) is present because the skill ingests content from files like
creative-brief.mdto inform the generation of executable UI code. Evidence: 1. Ingestion points:references/context-extraction.mdreads project documentation. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used during data ingestion. 3. Capability inventory: The skill can generate and orchestrate the execution of HTML/JS and C++ code. 4. Sanitization: Content from context files is used without explicit filtering for malicious instructions.
Audit Metadata