kanban-board
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No security issues detected. The skill is designed to produce a static UI prototype. It contains no executable scripts, hardcoded credentials, or remote network calls.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests content from external files to populate the generated UI.
- Ingestion points: The skill reads the active
DESIGN.mdfile to identify project details (SKILL.md). - Boundary markers: Absent; there are no instructions to delimit input or ignore embedded directives within the design document.
- Capability inventory: The skill is limited to generating a single-screen HTML/CSS artifact.
- Sanitization: Absent; the agent is instructed to directly map values from the design brief into the output HTML.
Audit Metadata