ui-ux-pro-max
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill invokes local validation scripts to ensure contract integrity. Evidence: execution of
python _meta/governance/validator.pyandnode .claude/scripts/sfc_lint.mjs. These actions are restricted to internal skill governance and do not involve untrusted parameters. - [PROMPT_INJECTION] (LOW): This skill exhibits an indirect prompt injection surface. Evidence: 1. Ingestion points: User requirements in Step 1. 2. Boundary markers: Absent. 3. Capability inventory: Writes to
tracks/<track_id>/site-design.contract.yamland executes local Python/Node scripts. 4. Sanitization: Relies on external schema validation. Risk is mitigated by the structured nature of the YAML output. - [SAFE] (SAFE): Analysis of the skill body and metadata reveals no hardcoded credentials, network exfiltration attempts, or persistence mechanisms.
Audit Metadata