electrobun-native-ui

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill implements an RPC handler that processes untrusted data from a webview without sufficient validation, creating an indirect prompt injection surface.
  • Ingestion points: The showContextMenu RPC handler in SKILL.md accepts a context object from the webview environment.
  • Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the RPC data handling logic.
  • Capability inventory: The skill utilizes shell.openExternal for link navigation and dialog.showSaveDialog for file operations.
  • Sanitization: The context.linkUrl property is passed directly to shell.openExternal without any sanitization or protocol whitelisting, which could allow a compromised webview to execute arbitrary URI schemes or redirect users to malicious websites.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 2, 2026, 04:22 AM