tui-intro
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to transform structured JSON input into TUI ASCII art and component specifications. No malicious instructions or hidden behaviors were found.
- [PROMPT_INJECTION]: The skill defines a surface for processing untrusted input via a model JSON (ingestion point: SKILL.md). While it currently lacks boundary markers and sanitization instructions, the risk is mitigated by the absence of dangerous capabilities (capability inventory: text generation only; no network, shell, or file system access).
- [COMMAND_EXECUTION]: There are no instructions for the agent to execute shell commands. The output blocks containing design calls are produced as text data for use in external drawing tools.
- [DATA_EXFILTRATION]: No patterns for harvesting secrets or sensitive files were identified. The skill operates solely on the provided UI properties.
Audit Metadata