ux-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- SAFE (SAFE): A manual review of all 19 files (SKILL.md and all references) confirms the absence of malicious instructions, prompt injection, or obfuscation. The skill's behavior is restricted to providing design evaluation frameworks and checklists.
- NO_CODE (SAFE): The skill is composed exclusively of reference documentation. No scripts (.py, .js, .sh), binary executables, or package manager files (requirements.txt, package.json) are present in the skill package.
- Indirect Prompt Injection (SAFE): While the skill defines a report schema that includes external data ingestion points (Figma and screenshot URLs), the skill itself does not provide the code or tools for fetching or executing data from these sources. There are no exploitable capabilities such as file system writes or arbitrary command execution present in the provided files. (Evidence: Ingestion points: figma_url/screenshot_url in SKILL.md; Boundary markers: Absent; Capability inventory: None; Sanitization: Absent)