ui-convert-detector
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The main Node.js script executes bundled Python scripts for language-specific analysis. This execution is performed using
execFile, which limits the risk of command injection by passing arguments directly to the process. - [EXTERNAL_DOWNLOADS]: Uses standard, well-known dependencies from official registries (npm and PyPI) to handle file globbing and configuration parsing.
- [DATA_EXFILTRATION]: The skill reads file paths and contents from the target project directory. It only writes these findings to a local results file (
project.json) and an error log within the project's own.ui-convertfolder. No data is sent over the network.
Audit Metadata