Skills
skills/vinceh/recipe/ui-creator/Gen Agent Trust Hub

ui-creator

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing local TypeScript scripts (such as evaluate-ui.ts and init-component.ts) using the npx tsx command to automate UI assessments and component scaffolding.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of standard web testing and accessibility libraries, specifically @playwright/test and @axe-core/playwright, to function correctly.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Evaluation workflows ingest content from external URLs; if a target website contains malicious instructions, they could attempt to subvert the agent's analysis.
  • Ingestion points: External web content retrieved via Playwright navigation in scripts/evaluate-ui.ts and scripts/compare-variations.ts.
  • Boundary markers: Not present in the scripts processing the external content.
  • Capability inventory: Local file system access for writing reports and components, and network navigation capabilities.
  • Sanitization: There is no specific sanitization or filtering applied to the external content before the agent interprets the evaluation results.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 03:28 PM