ui-designer
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [Command Execution] (SAFE): The skill executes a `find` command in Step 5 to detect existing React projects by searching for 'react' within `package.json` files. This is a standard read-only environment check.
- [External Downloads] (LOW): Step 5 recommends running `npm install` and `npx` to set up Tailwind CSS and React dependencies. These installations target the official npm registry, which is a trusted source, and are necessary for the skill's primary purpose.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted external data including user-provided UI screenshots and project idea documents.
  - Ingestion points: Reference images directory and project idea markdown files.
  - Boundary markers: Prompt templates in `assets/` utilize XML-style tags (e.g., `<context>`, `<goal>`) to delimit user data from system instructions.
  - Capability inventory: Subprocess execution for shell commands (`find`) and package management (`npm`).
  - Sanitization: There is no explicit sanitization or filtering of the text extracted from images or provided in project documents before they are interpolated into subagent prompts.
Audit Metadata