onboarding-ux
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs UX audits by browsing the specified application using standard browser automation tools such as Playwright or Chrome MCP.
- [SAFE]: File system activity is limited to reading project configuration (e.g., 'wrangler.jsonc', 'CLAUDE.md') and writing audit reports and generated code to the '.jez/artifacts/' directory, which is a vendor-owned resource.
- [SAFE]: The skill generates UI code snippets (React/TSX) based on identified gaps, matching existing project patterns and libraries such as shadcn/ui.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted data from the application being audited to produce reports and code. 1. Ingestion points: Application UI elements and page content during browsing. 2. Boundary markers: Absent. 3. Capability inventory: Writing files to the local file system. 4. Sanitization: No explicit sanitization of ingested content before interpolation. This surface is considered low risk given the primary function of the skill.
Audit Metadata