ui-audit
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [SAFE] (SAFE): The skill is entirely composed of Markdown-based documentation and reference materials. No executable code, shell scripts, or dangerous commands were found in the skill payload.
- [Indirect Prompt Injection] (LOW): The skill's primary function is to ingest external design data (Figma URLs or website screenshots) to perform audits. This creates an attack surface for indirect prompt injection where a malicious design could contain hidden instructions for the agent. However, as the skill only generates a diagnostic JSON report and lacks high-privilege capabilities like file modification or network exfiltration, the risk is classified as low.
- [COMMAND_EXECUTION] (SAFE): The package.json contains a postinstall script, but it only echoes informational installation instructions to the terminal and does not execute any functional code.
Audit Metadata