review-ux-ui
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process and analyze untrusted content from external sources (URLs via WebFetch or source code via Read/Grep/Glob). This content could contain malicious instructions meant to subvert the agent's logic, known as Indirect Prompt Injection.
- Ingestion points: The 'Procedure' section requires the agent to ingest external data from a provided URL or prototype source code.
- Boundary markers: The skill does not include specific delimiters or 'ignore' instructions to prevent the agent from being influenced by text within the analyzed data.
- Capability inventory: The skill uses retrieval tools (WebFetch) and file system access (Read, Grep, Glob) to gather information for the audit.
- Sanitization: No sanitization or validation steps are included to filter the incoming data before it is presented to the agent for evaluation.
- [NO_CODE]: The skill consists entirely of instructional Markdown content and does not include any accompanying scripts (Python, JavaScript, etc.), which reduces the direct execution risk.
Audit Metadata