tui-04x
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is text-to-text transformation, converting an input JSON model into ASCII art and structured JSON specifications.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to parse and process external JSON data (input model), which is a common surface for indirect prompt injection. However, the instructions strictly constrain the output to specific blocks (TUI_RENDER, COMPONENT_SPEC, etc.), which significantly limits the potential for instruction leakage or tool misuse.
- Ingestion points: Processes an
input model JSONwith fields likepropsandstate(SKILL.md). - Boundary markers: The skill uses defined output blocks but does not specify delimiters for input data.
- Capability inventory: No file system access, network requests, or shell command execution instructions are present in the skill.
- Sanitization: The skill does not describe specific sanitization steps for input data.
Audit Metadata