ui-check-framework
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill defines a framework that ingests data from external web environments, which is a surface for indirect prompt injection. \n
- Ingestion points: The skill interacts with web pages to discover
data-qaordata-testidelements and captures screenshots for layout and theme analysis. \n - Boundary markers: Not specified; the instructions do not include delimiters or warnings to ignore instructions embedded in the tested UI. \n
- Capability inventory: The skill executes Playwright flows and manages scripts defined in
package.json(e.g.,ui:check,ui:watch). \n - Sanitization: Not specified; the instructions do not mention sanitizing content extracted from the DOM. \n- Safe (SAFE): No evidence of hardcoded credentials, malicious remote code execution (curl|bash), or unauthorized data exfiltration was detected.
Audit Metadata