ui-doctor
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for static UI auditing. It identifies patterns in application source code to promote the use of the Iress Design System, which is a legitimate developer productivity task.
- [SAFE]: References to external resources, such as the Storybook URL hosted on Chromatic (chromatic.com), are transparent and point to well-known services commonly used for design system documentation.
- [SAFE]: Package recommendations and usage checks involve standard vendor-specific libraries (@iress-oss/ids-components and @iress-oss/ids-tokens) and well-known ecosystem libraries like react-hook-form. No malicious dependencies were found.
- [SAFE]: The skill processes untrusted user-provided source code as its primary task. While this is an indirect prompt injection surface, the skill lacks execution capabilities (e.g., subprocess, eval) and network-writing functions that would allow for data exfiltration or system compromise.
- [SAFE]: No evidence of prompt injection, obfuscation, or unauthorized command execution was detected within the instructions or supporting files.