ui-verify
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection as it ingests and processes untrusted data from external files that can influence agent behavior.
- Ingestion points: The skill reads mockup HTML/CSS files from
docs/mockups/and project source files (USS and C#) during the audit process. - Boundary markers: No explicit boundary markers or instructions to ignore instructions embedded in the design mockups are provided.
- Capability inventory: The agent uses
mcp__UnityMCP__manage_sceneto capture screenshots and is instructed to directly fix implementation code in local files. - Sanitization: Content from the ingested mockup and source files is not sanitized or validated before processing.
Audit Metadata