ui-cloner-forensic-audit
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides several JavaScript snippets for the agent to execute within a browser environment. These scripts perform DOM queries, computed style extraction, and technical stack detection for auditing purposes.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it extracts and processes text content from untrusted external websites. 1. Ingestion points: Website content extracted in Steps 1.3, 1.3b, and 1.9. 2. Boundary markers: Absent; data is placed directly into 'Site DNA' templates. 3. Capability inventory: File-write to 'plans/01-site-dna.md' and invocation of the 'ui-cloner-brand-interview' skill. 4. Sanitization: Absent for extracted website copy and metadata.
Audit Metadata