ui-designer
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands in Step 5 (
findandgrep) to search the local filesystem for React project configurations. It further provides automated setup instructions usingnpxandnpmto install standard UI development libraries. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting external user data (Project idea files and Reference images) in Step 1, which are later used as context for subagents and prompt generation.
- Ingestion points: Files provided by the user in the 'Reference images directory' and the 'Project idea file' are ingested into the workflow at Step 1 and Step 3.
- Boundary markers: Templates in
assets/app-overview-generator.mdandassets/vibe-design-template.mdinclude markdown comments (e.g.,<!-- PROJECT_BACKGROUND_START -->) to delimit user-provided content. - Capability inventory: The skill can execute filesystem searches, suggest package installations, and use subagents for high-level tasks like code generation.
- Sanitization: No specific sanitization or filtering logic is defined for the content extracted from the user's idea files or image metadata before it is interpolated into implementation prompts.
Audit Metadata