ui-design

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
PROMPT_INJECTION
Full Analysis
  • Prompt Injection (SAFE): No malicious instructions or bypass markers were found in the skill markdown or metadata.
  • Indirect Prompt Injection (LOW): The skill identifies a surface for ingesting untrusted external data.
      1. Ingestion points: guidelines_url parameter in SKILL.md.
      2. Boundary markers: None identified.
      3. Capability inventory: The skill is restricted to generating design documentation and does not have file system write or shell execution permissions.
      4. Sanitization: No input validation or sanitization is performed on content retrieved from external URLs.
  • Metadata Poisoning (LOW): A version mismatch exists between SKILL.md (1.3.0) and config.yaml (1.0.0), indicating potential maintenance or synchronization issues.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials or access to sensitive local file paths were found.
  • Unverifiable Dependencies & RCE (SAFE): The validation script uses standard Python libraries and safe loading methods like yaml.safe_load().
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 06:44 AM