uxui-principles
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-provided interface descriptions and flows for evaluation. This ingestion of untrusted data introduces a risk of indirect prompt injection where malicious instructions could be embedded in the design content.
  - Ingestion points: User-supplied interface descriptions and screen flows defined in the SKILL.md documentation.
  - Boundary markers: No clear delimiters or sanitization steps are documented to isolate the input data from agent instructions.
  - Capability inventory: Evaluation against 168 principles and detection of UX antipatterns.
  - Sanitization: No explicit sanitization or input validation mechanisms are described for the untrusted data.
- [EXTERNAL_DOWNLOADS]: The skill documentation provides an installation command, `npx skills add uxuiprinciples/agent-skills`, which downloads external functional logic from the vendor's repository.
- [DATA_EXFILTRATION]: Mentions an optional API connection to `uxuiprinciples.com` to provide enriched findings and citations, which involves transmitting the user's interface context to the author's external service for processing.
Audit Metadata