ui-cloner
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality involves analyzing external data from user-provided URLs. Malicious instructions embedded within a target website's HTML, metadata, or visible text could potentially influence the agent's behavior during the forensic audit, synthesis, or quality check phases.
- Ingestion points: Untrusted data enters the agent context via the target URL processed in Phase 1 (ui-cloner-forensic-audit).
- Boundary markers: The skill logic lacks explicit boundary markers or instructions to the agent to ignore embedded commands within the analyzed web content.
- Capability inventory: The skill is capable of creating a 'plans/' directory and writing multiple markdown files (01-site-dna.md through 05-iterator.md) to the local file system.
- Sanitization: There is no evidence of sanitization, escaping, or validation of the content retrieved from external URLs before it is used to generate the replication prompts.
Audit Metadata