ui-design

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection because it ingests untrusted data and possesses write capabilities.
  • Ingestion points: Step 1 ('读代码', "read the code") involves reading local project files, and the interaction flow accepts arbitrary user input for '描述现状' ("describe the current state") and '微调' ("fine-tune").
  • Boundary markers: The skill does not define any delimiters or system-level instructions to ignore embedded commands within the files it reads or the user input it processes.
  • Capability inventory: The skill explicitly instructs the agent to modify source code in Step 4 ('改代码', "modify the code") and Step 5 ('微调', "fine-tune").
  • Sanitization: There is no evidence of input validation, escaping, or sanitization of the content extracted from project files or provided by the user before it is used to generate code changes.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 01:46 PM