ai-ui-slop-review

Pass

Audited by Gen Agent Trust Hub on Jul 15, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill includes a robust 'Evidence safety' section that explicitly instructs the agent to treat all input data (OCR, DOM, metadata) as untrusted content and to ignore any embedded instructions or commands.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes external screenshots and web content. However, the instructions provide clear boundaries and limit the agent's capabilities to review-only tasks, explicitly forbidding network changes, form submissions, or tool execution based on the processed content.
  • Ingestion points: SKILL.md (screenshots, OCR, DOM content, fetched page content).
  • Boundary markers: Explicitly present in the 'Evidence safety' section.
  • Capability inventory: Limited to textual analysis and review; explicitly prohibits writing to the filesystem, network operations, or tool invocation.
  • Sanitization: Instructions mandate treating input as data rather than instructions.
  • [DATA_EXFILTRATION]: The skill explicitly forbids disclosing secrets, signing in, or submitting data, which mitigates exfiltration risks during UI reviews.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 15, 2026, 05:02 AM