mockup-prototype

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands such as open, git, and gh to manage local repository clones and open browser windows. These operations are essential for the workflow of creating, committing, and deploying UI mockups and are restricted to specific directories within the user's local GitHub clones.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it generates HTML and JavaScript code from user-provided descriptions. This content is subsequently executed locally in a browser or deployed to GitHub Pages. While this is the intended primary functionality, the skill lacks explicit sanitization for the generated content.
  • Ingestion points: User descriptions provided during the generation (Phase 1) and iteration (Phase 2) steps in SKILL.md.
  • Boundary markers: No specific delimiters or safety instructions are implemented to isolate user content from the generated code templates.
  • Capability inventory: The skill can write to the local file system, execute shell commands (git, gh, open), and perform automated pull request merges.
  • Sanitization: There is no evidence of validation or escaping for the generated HTML/JS code before it is used.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 08:38 PM