ui-cloner-synthesis
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted data without sanitization.\n
- Ingestion points: Reads project data from
plans/01-site-dna.mdand user-provided brand interview answers.\n - Boundary markers: Absent. Rule 2 and Rule 2b explicitly instruct the agent to transplant artifacts from the source files verbatim or directly.\n
- Capability inventory: The skill writes the generated output to a local file (
plans/03-replication-prompt.md).\n - Sanitization: No escaping or validation is performed on the ingested data before it is incorporated into the final output prompt.
Audit Metadata