tui-popup
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a pure data transformation tool, converting input component properties into ASCII visualizations and JSON specifications for the Pencil MCP tool.
- [SAFE]: There are no requests for network access, sensitive file access, or credential usage. The skill's logic is contained within the prompt and does not involve external dependencies or remote script execution.
- [SAFE]: The output formats (TUI_RENDER, COMPONENT_SPEC, PENCIL_SPEC, and PENCIL_BATCH_DESIGN) are structured text outputs meant for display or use by specific MCP tools, and do not present a risk of arbitrary command execution on the host system.
- [SAFE]: While the skill processes user-provided JSON input (Category 8 surface), it lacks any high-privilege capabilities (like file writing or network calls) that could be exploited via indirect prompt injection.
Audit Metadata