magic-ui-generator
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface where external component descriptions could be used to influence the logic of the generated code integrated into the project. * Ingestion points: Component descriptions provided during the requirement analysis phase (SKILL.md). * Boundary markers: No specific delimiters or "ignore embedded instruction" warnings are defined to isolate untrusted input. * Capability inventory: The skill is capable of writing functional TypeScript code and managing project dependencies (SKILL.md). * Sanitization: There is no mention of sanitization or validation of the generated output before project integration.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install external UI libraries. * Evidence: Mentions ensuring that
lucide-reactandframer-motionare installed via package managers (SKILL.md).
Audit Metadata