Skills
skills/prowler-cloud/prowler/prowler-ui/Gen Agent Trust Hub

prowler-ui

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill utilizes pnpm install to manage project dependencies. This involves fetching packages from the public npm registry, which is standard behavior for Node.js projects but constitutes a remote dependency download.
  • [COMMAND_EXECUTION] (LOW): The skill defines several bash commands for the agent to execute, including pnpm run dev, pnpm run build, and pnpm run test:e2e. These are restricted to the local development environment and are expected for the skill's purpose.
  • [INDIRECT PROMPT INJECTION] (LOW): The skill instructs the agent on how to structure and write UI code. Because the agent is expected to read and modify existing files, it has an inherent surface area for indirect prompt injection from untrusted code in the repository.
  • Ingestion points: Uses Read, Glob, and Grep to access project files in ui/.
  • Boundary markers: None provided in the instruction set to separate instructions from code data.
  • Capability inventory: Permissions include Bash, Write, Edit, and WebFetch.
  • Sanitization: No specific sanitization or validation routines are defined for data ingested from the file system.
  • [DATA_EXPOSURE & EXFILTRATION] (SAFE): The skill includes a 'QA Checklist' that explicitly reminds the user to avoid hardcoding secrets and to use .env.local for environment variables, which aligns with security best practices.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:00 PM