moai-domain-uiux
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found. The language is purely instructional and technical.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file path access, or unauthorized network operations were identified. The use of localStorage in the ThemeProvider is standard for client-side theme persistence.
- Obfuscation (SAFE): No Base64, zero-width characters, homoglyphs, or other obfuscation techniques are present in the files.
- Unverifiable Dependencies & RCE (SAFE): The skill references well-known, legitimate industry-standard npm packages (e.g., Lucide, Radix UI, Tailwind CSS). No remote script execution or piped command lines (curl | bash) are used.
- Privilege Escalation (SAFE): No use of sudo, chmod, or other commands for privilege escalation detected.
- Persistence Mechanisms (SAFE): No attempts to modify shell profiles, crontabs, or system startup settings.
- Metadata Poisoning (SAFE): Metadata fields are used correctly for categorization and versioning without deceptive content.
- Indirect Prompt Injection (SAFE): The skill provides patterns for UI components like search bars and inputs, but it does not process external untrusted data itself nor does it provide exploitable capabilities to an attacker.
- Time-Delayed / Conditional Attacks (SAFE): No logic gating behavior based on dates, times, or environmental triggers.
- Dynamic Execution (SAFE): Code snippets use standard DOM manipulation (e.g., setProperty) and modern framework patterns. There is no use of eval(), exec(), or runtime compilation of untrusted strings.
Audit Metadata