ui-verify
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and prioritizes content from mockup files (e.g., `docs/mockups/*.html`) to guide its actions. An attacker who can modify these files could embed instructions that the agent might follow during the verification or 'fix' phases.
  - Ingestion points: Reads mockup HTML/CSS from `docs/mockups/` and implementation source code (USS, C#).
  - Boundary markers: None present; the skill explicitly instructs the agent to 're-read' the mockup and follow it over prior context.
  - Capability inventory: The agent has the ability to take screenshots via `mcp__UnityMCP__manage_scene`, read arbitrary project files, and modify implementation files to 'fix' detected deltas.
  - Sanitization: No validation or sanitization of the mockup content is performed before the agent interprets it as a source of truth.
Audit Metadata