Prose
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references documentation and style guides from trusted organizations including the W3C (w3.org), Atlassian (atlassian.design), Mailchimp, and Google (material.io). These links are for informational purposes related to industry standards for UI/UX.
- [DATA_EXPOSURE]: The agent is instructed to maintain a local journal in ".agents/prose.md" to record UX writing insights. This is a standard operational procedure for persisting knowledge across sessions and does not involve exfiltrating data to external servers.
- [COMMAND_EXECUTION]: The reference files contain snippets of CSS, HTML, and ARIA attributes (e.g., the ".sr-only" class in "references/accessibility-text-guide.md"). These are provided as templates for developers to implement accessible UI components and do not constitute executable code within the agent's environment.
- [SAFE]: Regarding potential Indirect Prompt Injection: 1. Ingestion points: The skill processes user-provided UI copy and product context in AUDIT and CRAFT modes (SKILL.md). 2. Boundary markers: General agent boundaries are referenced via "_common/BOUNDARIES.md". 3. Capability inventory: Capabilities are limited to generating text responses and updating the local journal file. 4. Sanitization: While explicit input sanitization is not defined, the agent's lack of high-privilege tools or outbound network capabilities (aside from trusted documentation links) ensures that any injected instructions in processed data cannot be exploited for malicious actions.
Audit Metadata