ui-designer

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands in Step 5 (find and grep) to search the local filesystem for React project configurations. It further provides automated setup instructions using npx and npm to install standard UI development libraries.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting external user data (Project idea files and Reference images) in Step 1, which are later used as context for subagents and prompt generation.
  • Ingestion points: Files provided by the user in the 'Reference images directory' and the 'Project idea file' are ingested into the workflow at Step 1 and Step 3.
  • Boundary markers: Templates in assets/app-overview-generator.md and assets/vibe-design-template.md include markdown comments (e.g., <!-- PROJECT_BACKGROUND_START -->) to delimit user-provided content.
  • Capability inventory: The skill can execute filesystem searches, suggest package installations, and use subagents for high-level tasks like code generation.
  • Sanitization: No specific sanitization or filtering logic is defined for the content extracted from the user's idea files or image metadata before it is interpolated into implementation prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 09:07 PM
Security Audit — agent-trust-hub — ui-designer