data-to-ui
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: CRITICAL
Full Analysis
- SAFE (SAFE): The skill consists of documentation and TypeScript code snippets for UI development. No security issues were identified.
- Indirect Prompt Injection (SAFE): The skill defines a process for ingesting external JSON data. This is the primary purpose of the skill and it includes recommendations for runtime validation to ensure data integrity. Evidence: 1. Ingestion: JSON data structure defined in Workflow 1; 2. Boundary: Implicit in the generated TypeScript component structure; 3. Capability inventory: Restricted to standard JavaScript and React APIs; 4. Sanitization: Recommendation of JSDoc documentation and Zod validation in the Feedback Loops section.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata