ui-component-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- Prompt Injection (SAFE): No malicious instructions, bypass attempts, or behavioral overrides were found in the text or metadata.\n- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network operations were identified.\n- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not install third-party packages or download remote scripts.\n- Indirect Prompt Injection (LOW): The skill possesses a data ingestion surface by processing user specifications to generate UI code. Evidence Chain: (1) Ingestion points: User-provided component requirements; (2) Boundary markers: Absent; (3) Capability inventory: Generation of React, Vue, and JS frontend code; (4) Sanitization: No input validation or escaping logic mentioned.\n- Metadata Poisoning (SAFE): Metadata fields are descriptive and contain no deceptive instructions.
Audit Metadata