ux-gap-detector
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its core function of ingesting and analyzing untrusted data from target websites.
  - Ingestion points: Untrusted content is ingested from the target application via `browser_snapshot` (accessibility tree) and `browser_screenshot` commands throughout the Discovery and Scenario Execution phases in `SKILL.md` and `categories.md`.
  - Boundary markers: The skill does not employ delimiters or explicit instructions to the agent to ignore or isolate instructions that may be embedded in the audited website's content.
  - Capability inventory: The skill is granted the `Bash` tool and `gh` CLI for creating GitHub issues, which are powerful capabilities that could be targeted for abuse if the agent is manipulated by malicious website data.
  - Sanitization: There is no evidence of sanitization, filtering, or structural validation of the data retrieved from the target URL before it is processed and analyzed by the agent.