ux-researcher-designer
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill processes external data which serves as a vector for indirect prompt injection.
- Ingestion points:
persona_generator.pytakes a[json]argument and processes user data/interviews as described in the features. - Boundary markers: The skill documentation provides no evidence of delimiters or instructions to ignore embedded commands within the research data.
- Capability inventory: While the script runs locally, its outputs (personas, scenarios, design implications) are used to drive the agent's subsequent reasoning and creative decisions.
- Sanitization: There is no documentation regarding the sanitization of input data or validation of the JSON schema to prevent injection of malicious natural language instructions.
Audit Metadata