gathering-ui
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various shell commands to perform build verification and visual testing using local development tools.
  - Evidence: In `SKILL.md`, the skill executes `gw dev ci --affected --fail-fast` to check for compilation errors after subagent activity.
  - Evidence: In `SKILL.md`, the skill uses `uv run --project tools/glimpse glimpse` to perform showroom audits, matrix captures, and interactive visual verification.
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by passing user-controlled data into subagent prompts.
  - Ingestion points: The `{ui_spec}` variable used in `references/conductor-dispatch.md` is populated by the user's initial UI request in Phase 1 of `SKILL.md`.
  - Boundary markers: The dispatch templates in `references/conductor-dispatch.md` do not utilize boundary markers (such as XML tags) or instructions to treat the user input as untrusted data.
  - Capability inventory: The subagents dispatched with this input have the capability to create and modify source code files within the project directory.
  - Sanitization: There is no evidence of sanitization or validation performed on the user-provided UI specification before it is interpolated into the prompts for the 'Chameleon' or 'Deer' subagents.
Audit Metadata