
finalize

Warn

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: MEDIUM

Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Step 2 of the skill executes npx ui-craft-detect. This triggers the download and execution of a package from the public NPM registry without a specified version or integrity hash, posing a supply chain risk through unverifiable remote code execution.
  • [COMMAND_EXECUTION]: The skill uses npx to spawn a subprocess for running the detection tool, which interacts with the project files and user-defined targets.
  • [EXTERNAL_DOWNLOADS]: The use of npx necessitates fetching code from the external NPM registry at runtime.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in Step 1 and Step 4.
      • Ingestion points: It reads the contents of .ui-craft/brief.md to extract principles (overrides).
      • Boundary markers: There are no boundary markers or instructions to treat the ingested data as untrusted.
      • Capability inventory: The skill possesses the ability to execute shell commands (npx) and read various project files, providing a path for malicious instructions in the brief to influence agent operations.
      • Sanitization: The extracted principles are used directly to override findings without validation or escaping, allowing potentially malicious instructions in the brief to suppress legitimate security or quality warnings.
Audit Metadata

Risk Level: MEDIUM
Analyzed: May 5, 2026, 08:34 PM