eval-ui-ux
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [NO_CODE]: The skill consists exclusively of markdown-based instructions for an AI evaluator and does not include any embedded scripts, binaries, or automated shell commands.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to read and analyze untrusted files from a software repository. This risk is inherent to its primary purpose as an evaluator.
  - Ingestion points: The skill analyzes source code in src/components/ and src/app/, as well as spec.md, plan.md, and CSS configuration files.
  - Boundary markers: The instructions do not specify any delimiters or safety markers to isolate the content of analyzed files from the evaluator's system instructions.
  - Capability inventory: The agent's capabilities are restricted to generating evaluation reports; no filesystem-write, subprocess-execution, or network-access tools are defined in the skill.
  - Sanitization: There are no explicit instructions to sanitize or validate the text content retrieved from the target project files.
Audit Metadata