ui-modernizer
Warn
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the execution of numerous local Node.js scripts (e.g., load-config.mjs, detect-stack.mjs, visual-snapshot.mjs, ast-extract.mjs, report.mjs) to perform analysis and modification. These scripts run with the agent's privileges and have full access to the project's filesystem.
- [EXTERNAL_DOWNLOADS]: The skill invokes npx shadcn@latest to install and initialize UI components. This downloads and executes code from a remote registry at runtime. While shadcn is a well-known service, it represents a dynamic external dependency.
- [COMMAND_EXECUTION]: During the visual snapshot phases (Steps 4 and 6), the skill initiates the project's development server (typically npm run dev) on a local port. This involves executing arbitrary scripts defined in the user's project.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the user's codebase.
  - Ingestion points: The agent reads all UI source files (.tsx, .jsx, .vue, .svelte) and the .ui-modernizer.json configuration file.
  - Boundary markers: The instructions do not specify the use of clear delimiters or instructions to ignore embedded prompts when reading these files.
  - Capability inventory: The skill possesses extensive capabilities, including writing to the filesystem, executing shell commands via Node.js scripts, and starting local network servers.
  - Sanitization: There is no evidence of sanitization or filtering of the content read from project files before it is processed by the agent's logic.
Audit Metadata