hwc-ux-feedback

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Finding Categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Prompt Injection (LOW): Indirect Prompt Injection surface found in references/2024-08-13-turbo-drive-ulid.md. Evidence: 1. Ingestion points: Ingests todo[title] from form submission data. 2. Boundary markers: None. 3. Capability inventory: Uses insertAdjacentHTML to inject content into the document body. 4. Sanitization: No sanitization of the user-provided title is shown before interpolation.
  • Prompt Injection (LOW): Indirect Prompt Injection surface found in references/2023-06-06-turbo-drive-form-activity-indicators.md. Evidence: 1. Ingestion points: Ingests data directly from URL search parameters (amount, date_of_birth). 2. Boundary markers: None. 3. Capability inventory: Writes values directly to form input elements. 4. Sanitization: No validation or sanitization of URL parameters.
  • External Downloads (LOW): The skill references several external Node.js packages including @hotwired/turbo, @hotwired/stimulus, stimulus-use, ulid, and @domchristie/composite. These are standard packages for the Hotwire/Rails ecosystem and are considered low risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:07 PM