ux-paths
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the shell to create directories for its output using
mkdir -p docs/ux-paths/topics. While this is a standard setup task, it involves direct command execution on the host system. - [DATA_EXFILTRATION]: The Discovery phase involves a deep scan of the codebase, including sensitive areas like 'Auth / guards', 'State management', and 'Config / feature flags' (specifically mentioning environment variables). This process extracts internal application logic and configuration details into readable markdown files (
docs/ux-paths/discovery.md), which could expose sensitive architectural information if the generated files are shared or committed to public repositories. - [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It ingests the entire codebase as untrusted data and processes it through multiple sub-agents (Discovery and Story Swarm) without using boundary markers or instructions to ignore embedded commands. Malicious instructions hidden in code comments, documentation, or string literals within the analyzed project could potentially manipulate the sub-agents' behavior.
- Ingestion points: The skill reads the entire application codebase through parallel 'Explore' sub-agents.
- Boundary markers: None. The prompts do not include delimiters or warnings to ignore instructions found within the source code.
- Capability inventory: The skill can read files across the project, create directories, and write documentation to the file system.
- Sanitization: None. The agents process raw source code directly.
Audit Metadata