Fluxwing Component Viewer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill ingests and displays data from local project files which could contain malicious instructions designed to manipulate the agent. Evidence:
      1. Ingestion points: Reads .uxm (JSON) and .md (ASCII) files from ./fluxwing/components/ and ./fluxwing/library/.
      2. Boundary markers: Absent; the agent is not instructed to treat the content as purely passive data.
      3. Capability inventory: Limited to Read, Glob, and Grep tools.
      4. Sanitization: No sanitization or validation of the file content is performed before it is presented to the agent.
  • [Data Access] (SAFE): The skill is configured to read from specific project directories and sibling template folders. While it uses relative paths to access sibling directories, the risk is mitigated by the use of read-only tools and the explicit instruction that the skill is a read-only viewer.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:07 PM