tui-notice-bar
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional and transformative, converting input JSON into text-based TUI representations and design specifications. It does not include any executable code, shell commands, or network operations.
- [INDIRECT_PROMPT_INJECTION]: The skill defines a surface for processing untrusted input data (JSON model) to generate UI components. While this is a data ingestion point, the skill lacks the necessary capabilities (such as file writes or network access) to be exploited through this vector.
- Ingestion points: Input Model JSON parsed in the first step of the workflow.
- Boundary markers: None explicitly defined in the instructions.
- Capability inventory: No risky capabilities (no file-system access, no network operations, no subprocess execution).
- Sanitization: None specified beyond truncation of error message length.
Audit Metadata