peach-gen-ui

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions consist of legitimate engineering guidelines, persona definitions, and mandatory UI patterns. No attempts to bypass safety filters, override system prompts, or disregard instructions were detected.
  • [DATA_EXFILTRATION]: No evidence of hardcoded credentials or unauthorized network operations. The network patterns are standard for Nuxt/Vue frontend modules communicating with an internal backend API via defined store actions. Sensitive file paths (e.g., ~/.ssh) are not accessed.
  • [REMOTE_CODE_EXECUTION]: External package installations are restricted to well-known libraries like 'v-calendar' and 'vuedraggable' using standard package managers (bun). There is no execution of remote scripts or unverified code strings.
  • [COMMAND_EXECUTION]: Local shell command usage is restricted to development environment verification tasks such as 'vue-tsc' for type checking, 'lint:fix' for code formatting, and 'build' for compilation checks.
  • [INDIRECT_PROMPT_INJECTION]: The skill generates UI code that uses 'v-html' for rendering content and descriptions. While this represents a potential injection surface for untrusted data, the skill mitigates risk by requiring 'Yup' validators for all forms and models, and the code is generated for developer review within a controlled module structure.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 05:37 AM