ui-convert-extractor-php
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to process untrusted content from PHP, Blade, and Twig template files to extract visual structure. While the instructions focus on structural parsing, the lack of explicit boundary markers or sanitization logic means the agent could potentially be influenced by natural language instructions embedded within the processed templates.
- Ingestion points: PHP, Blade, and Twig template files (SKILL.md)
- Boundary markers: Not specified in the instructions
- Capability inventory: Structural mapping and IR generation; no shell or network capabilities are explicitly invoked by the skill itself
- Sanitization: No sanitization or filtering of template content is described
Audit Metadata