frontend-design-extractor
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell scripts located within the skill's directory structure, specifically scripts/scan_ui_sources.sh and scripts/generate_output_skeleton.sh. These scripts are used to scan local repositories and create output directories, which involves direct filesystem interaction.
- [PROMPT_INJECTION]: The skill is designed to process untrusted data from existing codebases, creating a surface for indirect prompt injection. Malicious instructions embedded in source code, comments, or documentation of the analyzed project could potentially influence the agent's behavior during the extraction process.
  - Ingestion points: Files within the target codebase scanned by scripts/scan_ui_sources.sh.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are defined in the skill.
  - Capability inventory: The agent has the capability to read local files, write to a designated ui-ux-spec/ folder, and execute the referenced shell scripts.
  - Sanitization: The instructions do not specify any validation or sanitization of the content extracted from the codebase before processing.
Audit Metadata