ux-extract
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it is designed to ingest and process content from untrusted external web pages.
- Ingestion points: External URLs, sitemaps, and web app screens (via Chrome/Playwright MCP).
- Boundary markers: The instructions do not explicitly provide delimiters or 'ignore' instructions for the agent when handling the text captured from external sources.
- Capability inventory: The skill uses browser automation (screenshots, navigation, JS injection) and has permissions to write files to the local directory (e.g.,
docs/ux-extracts/). - Sanitization: No explicit sanitization or filtering is mentioned for the extracted text content before it is stored or processed.
- [COMMAND_EXECUTION]: The skill mentions injecting JavaScript via browser tools specifically to read computed styles and interaction patterns. This execution is scoped to the browser context and is standard for UX audit functionality.
- [EXTERNAL_DOWNLOADS]: The skill leverages external browser automation tools (Chrome MCP and Playwright MCP) to interact with and download content (screenshots and text) from target websites. This is consistent with the primary purpose of the skill.
Audit Metadata