ux-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOWNO_CODEPROMPT_INJECTION
Full Analysis
- No Executable Code (INFO): The skill consists entirely of markdown instructions and does not include any Python, Node.js, or shell scripts. This significantly reduces the attack surface by eliminating possibilities for RCE, privilege escalation, or persistence.
- Indirect Prompt Injection (LOW): The skill's primary function is to process untrusted external data, such as UI code and PR descriptions, which may contain malicious instructions designed to influence the agent's output. 1. Ingestion points: External UI components and PR content. 2. Boundary markers: Absent; the skill does not define delimiters to isolate external content from its own instructions. 3. Capability inventory: Reasoning and report generation only; no file-write, network, or subprocess capabilities were identified. 4. Sanitization: Absent; no input validation or sanitization mechanisms are described.
Audit Metadata