ai-ui-slop-review
Pass
Audited by Gen Agent Trust Hub on Jul 15, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill includes a robust 'Evidence safety' section that explicitly instructs the agent to treat all input data (OCR, DOM, metadata) as untrusted content and to ignore any embedded instructions or commands.
- [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes external screenshots and web content. However, the instructions provide clear boundaries and limit the agent's capabilities to review-only tasks, explicitly forbidding network changes, form submissions, or tool execution based on the processed content.
- Ingestion points: SKILL.md (screenshots, OCR, DOM content, fetched page content).
- Boundary markers: Explicitly present in the 'Evidence safety' section.
- Capability inventory: Limited to textual analysis and review; explicitly prohibits writing to the filesystem, network operations, or tool invocation.
- Sanitization: Instructions mandate treating input as data rather than instructions.
- [DATA_EXFILTRATION]: The skill explicitly forbids disclosing secrets, signing in, or submitting data, which mitigates exfiltration risks during UI reviews.
Audit Metadata