ui-neuro-ergo
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Utilizes evaluate_script to run auditing JavaScript in the browser and references pnpm build for verifying code compilation.
- [PROMPT_INJECTION]: The skill has an autonomous loop that ingests data from external web pages, creating a vulnerability surface.
- Ingestion points: Web page screenshots, accessibility tree snapshots, and source code.
- Boundary markers: No instructions or delimiters are provided to the agent to ignore potentially malicious instructions in audited content.
- Capability inventory: The agent can modify local files and execute scripts in a browser context.
- Sanitization: There is no defined logic to sanitize or filter external data before it is processed by the agent.
Audit Metadata