Skills
skills/mastepanoski/claude-skills/ux-audit-rethink/Gen Agent Trust Hub

ux-audit-rethink

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
  • [NO_CODE]: The skill is composed entirely of markdown documentation and instructional templates. It does not contain any functional code, shell scripts, or automation logic that could be exploited for command execution or unauthorized system access.
  • [PROMPT_INJECTION]: The skill is designed to ingest and evaluate untrusted external content, which introduces a surface for indirect prompt injection where an attacker could influence the agent's behavior through the data being audited.
  • [INGESTION_POINTS]: The skill accepts external data via the user_feedback and screenshots_or_links inputs defined in the Inputs Required section of SKILL.md.
  • [BOUNDARY_MARKERS]: There are no specific delimiters or instructional guardrails (e.g., 'treat the following as data only') to prevent the agent from following instructions embedded within the user feedback or linked pages.
  • [CAPABILITY_INVENTORY]: While the skill itself has no active code, it is intended to be used by agents with capabilities like web browsing or image analysis, which are the primary vectors for this attack surface.
  • [SANITIZATION]: The skill provides no logic for sanitizing, filtering, or validating the input data before it is processed by the AI model.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 4, 2026, 05:10 PM