ui-mockup
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it transforms data from untrusted sources into structured mockup files.
- Ingestion points: Input is gathered from system-design-doc.md and user requirements to drive the /create-mockup and /edit-mockup commands.
- Boundary markers: The skill instructions do not specify any boundary markers or instructions to the agent to ignore potentially malicious directions embedded within input design documents.
- Capability inventory: The skill defines a workflow for writing and updating files within the .mockups/ directory as described in SKILL.md.
- Sanitization: No sanitization or validation of the input content is described before it is rendered into mockup files.
- [NO_CODE]: The skill consists entirely of markdown documentation, templates, and JSON configuration files. No executable scripts are included in the package.
Audit Metadata