ui-ux-designer

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill contains predefined bypass phrases ("skip QA" or "ship it anyway") that allow an agent to skip the internal quality assurance checks. While provided for the user, these markers could be triggered by an attacker if they are embedded in untrusted task briefs.
  • [Indirect Prompt Injection] (MEDIUM):
    • Ingestion points: The skill ingests external "inspiration images" and "task briefs" to guide UI generation (File: SKILL.md).
    • Boundary markers: None. The skill does not define delimiters or instructions to ignore embedded commands within the provided inspiration or briefs.
    • Capability inventory: The skill generates executable JavaScript code and interacts with an automated QA system ("Fitz") and sub-agents (File: SKILL.md).
    • Sanitization: There is no mention of sanitizing or validating the input data before it is used to generate code or influence agent decisions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 09:03 PM