stac-screen-builder

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [Command Execution] (LOW): The skill executes local Python scripts (scripts/new_screen.py, scripts/new_theme_ref.py) to generate file structures and code. This is a standard capability for a developer scaffolding tool.
  • [Indirect Prompt Injection] (LOW): The skill ingests user requirements to generate UI definitions, creating a surface for injection. Evidence:
      1. Ingestion points: User requirements for screen features and interactions.
      2. Boundary markers: Absent in the SKILL.md file.
      3. Capability inventory: Execution of Python scripts with file-writing capabilities and access to local templates.
      4. Sanitization: No sanitization or validation of input is specified in the provided instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 19, 2026, 06:15 PM