skills/raddue/crucible/mockup-builder/Gen Agent Trust Hub

mockup-builder

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill ingests untrusted data from project files to determine design requirements, creating an indirect prompt injection surface.
      • Ingestion points: Design documents in docs/plans/ and existing HTML mockups in docs/mockups/.
      • Boundary markers: The instructions do not define delimiters or warnings to ignore embedded instructions in these files.
      • Capability inventory: The skill writes to the file system (docs/mockups/), performs git commit, and invokes the crucible:quality-gate tool.
      • Sanitization: There is no content validation or sanitization mentioned for the ingested data.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell-level commands and platform tools as part of its workflow.
      • Evidence: It requires the agent to commit files to git and invoke the crucible:quality-gate command after generating the mockup.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 02:18 PM