ui-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- [Prompt Injection] (LOW): Benign use of 'IMPORTANT' for styling instructions; however, the prompt fails to define safety boundaries for external data processed by the agent.
- [Indirect Prompt Injection] (LOW): Potential vulnerability as the skill ingests user-provided code or HTML to influence its output. (1) Ingestion points: User input of existing design/code via the prompt. (2) Boundary markers: None. (3) Capability inventory: Generates HTML and JavaScript (Chart.js). (4) Sanitization: None.
- [External Downloads] (SAFE): The skill references Chart.js, Lucide icons, and Unsplash images, which are standard trustworthy sources for web development and do not pose an inherent security risk.