ui-design
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process user-provided UI requirements which creates an attack surface for indirect prompt injection. Ingestion points: user-defined interface requirements. Boundary markers: none specified in the skill logic. Capability inventory: the agent has shell access for auditing (grep) and file generation capabilities. Sanitization: no input validation or sanitization routines are implemented.
- [COMMAND_EXECUTION]: The skill includes a 'Self-Audit Checklist' that instructs the agent to execute grep commands to search its own generated code for non-compliant design elements like specific colors, fonts, or emoji characters.
- [EXTERNAL_DOWNLOADS]: The skill recommends the use of professional and well-known external resources for icons and media, including FontAwesome, Heroicons, Lucide, Unsplash, Pexels, and Vimeo. These are recognized as safe and reputable technology services.
Audit Metadata