ui-setup
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided data such as app names, brand preferences, and page descriptions to generate code scaffolds and update CSS tokens. While this is the intended functionality of a setup wizard, it represents a surface where user-supplied strings could influence the AI's generation logic.
- Ingestion points: User responses to questions about app type, brand colors, typography, and page purpose in
SKILL.md. - Boundary markers: None explicitly defined to separate user input from the generation prompt.
- Capability inventory: The agent is instructed to update
css/theme.css, modify font-related files, and scaffold new page files. - Sanitization: No explicit sanitization or validation of user-provided strings is mentioned in the instructions.
- [EXTERNAL_DOWNLOADS]: The skill contains references to the official StyleSeed repository and documentation on GitHub (
github.com/bitjaru/styleseed). These references are informative and point to the skill's own source and templates.
Audit Metadata