team-uidesign

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because user-supplied task descriptions are interpolated directly into worker agent prompts without sanitization or boundary markers.
      • Ingestion points: SKILL.md (Worker Spawn Template) and roles/coordinator/role.md (Phase 1).
      • Boundary markers: None used to delimit the <task-description> variable in sub-agent prompts.
      • Capability inventory: The agents have access to Bash, Write, Edit, and Agent (for further spawning) tools.
      • Sanitization: No input validation or instruction-ignoring guards are present for the requirement field.
  • [REMOTE_CODE_EXECUTION]: The coordinator role includes logic to dynamically generate role specifications (handleAdapt in monitor.md) when a capability gap is reported. The skill also depends on the external ui-ux-pro-max skill for research and design intelligence gathering.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool for environment discovery (e.g., executing pwd to find the project root) and the Agent tool to orchestrate worker agents. It also utilizes a ccw cli tool for data reading and writing operations.

Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 04:03 AM