ui-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data from project files to generate code.
- Ingestion points: The skill reads `ideas/[project]/project-brief.md` and `shared/docs/style-guide.md` to provide context for UI generation.
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the input files are defined in the execution flow.
- Capability inventory: The agent has `Read`, `Write`, `Edit`, `Glob`, `Grep`, and `Task` tools, allowing it to modify the filesystem but not access the network.
- Sanitization: There is no evidence of sanitization or filtering of the content read from input files before it is processed by the LLM.
- Data Exposure & Exfiltration (SAFE): While the skill reads project documentation, it does not have access to network tools (like curl or wget) or credentials, making exfiltration of that data unlikely within the skill's defined scope.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not perform any package installation or remote script fetching. All operations are local file manipulations.
Audit Metadata