generative-ui-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill contains a shell script
scripts/validate-rsc-setup.shwhich executes local commands to check project dependencies and versions. - Evidence: The script uses
grep,node, andsedto parsepackage.jsonandtsconfig.jsonto verify Next.js, React, and AI SDK versions. - Risk: These are standard environment checks for a developer tool and operate only on local project metadata.
- [DATA_EXPOSURE] (SAFE): While the patterns involve AI SDKs, they use standard environment variable patterns (e.g.,
openai('gpt-4o')) without hardcoding secrets or accessing sensitive system files. - [PROMPT_INJECTION] (LOW): The templates use user-provided strings directly in LLM prompts (e.g.,
messages: [{ role: 'user', content: prompt }]). - Risk: Standard risk for any AI-integrated application (Indirect Prompt Injection). The skill documentation explicitly recommends content sanitization using
isomorphic-dompurifyto mitigate XSS from AI-generated content.
Audit Metadata