tui-no-network
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is functionally a data-to-text transformer. It does not perform any network operations, access sensitive credentials, or attempt to execute shell commands or remote scripts.
- [PROMPT_INJECTION]: The skill defines a workflow that ingests external data (the Input Model JSON) and processes it into generated output blocks. This creates a surface for indirect prompt injection where malicious instructions could be embedded in the input data. However, the skill lacks any capabilities that would make such an injection dangerous, such as the ability to execute code or exfiltrate data.
- Ingestion points: Input Model JSON provided by the user or an external process as described in the Workflow section of
SKILL.md. - Boundary markers: No explicit boundary markers or "ignore embedded instructions" warnings are defined in the output contract to separate data from instructions.
- Capability inventory: The skill's output is limited to text blocks (
TUI_RENDER,PENCIL_BATCH_DESIGN) and JSON blocks (COMPONENT_SPEC,PENCIL_SPEC). It has no tools or permissions for file system writes, network requests, or code execution. - Sanitization: No validation or sanitization of the input fields is specified before interpolation into the output blocks.
Audit Metadata