ui-modernizer

Warn

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the execution of numerous local Node.js scripts (e.g., load-config.mjs, detect-stack.mjs, visual-snapshot.mjs, ast-extract.mjs, report.mjs) to perform analysis and modification. These scripts run with the agent's privileges and have full access to the project's filesystem.
  • [EXTERNAL_DOWNLOADS]: The skill invokes npx shadcn@latest to install and initialize UI components. This downloads and executes code from a remote registry at runtime. While shadcn is a well-known service, it represents a dynamic external dependency.
  • [COMMAND_EXECUTION]: During the visual snapshot phases (Steps 4 and 6), the skill initiates the project's development server (typically npm run dev) on a local port. This involves executing arbitrary scripts defined in the user's project.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the user's codebase.
    • Ingestion points: The agent reads all UI source files (.tsx, .jsx, .vue, .svelte) and the .ui-modernizer.json configuration file.
    • Boundary markers: The instructions do not specify the use of clear delimiters or instructions to ignore embedded prompts when reading these files.
    • Capability inventory: The skill possesses extensive capabilities, including writing to the filesystem, executing shell commands via Node.js scripts, and starting local network servers.
    • Sanitization: There is no evidence of sanitization or filtering of the content read from project files before it is processed by the agent's logic.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 24, 2026, 02:27 PM