building-nds-ui
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to take external inputs (headlines, body text, FAQ items) and interpolate them directly into UI component templates in
reference/components.md. - Ingestion points:
HeroProps,Stats,Content, andFAQcomponents inreference/components.mdaccept strings as props. - Boundary markers: Absent. There are no instructions to the agent to sanitize or ignore instructions embedded within the user-provided text for these UI elements.
- Capability inventory: None. The skill only provides UI templates and does not execute system commands, write files, or perform network operations.
- Sanitization: Absent. The skill provides raw React/Next.js code templates without validation of the input strings.
Audit Metadata