ui-designer
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes user-supplied Markdown files and images to generate prompts for subagents, creating an indirect prompt injection surface where malicious instructions in input files could influence agent behavior.
- Ingestion points: Reads project idea files, reference images, and existing PRD documents from the local file system.
- Boundary markers: Implements delimiters like HTML comments in templates (e.g., ) to isolate user-provided content.
- Capability inventory: File system read/write in documents/ and assets/, subagent task execution, and shell environment scanning.
- Sanitization: Input content is interpolated into templates without explicit sanitization or validation.
- [COMMAND_EXECUTION]: Performs local environment scanning using find and grep commands to detect React projects. These are read-only operations used for setup verification.
- [EXTERNAL_DOWNLOADS]: Recommends the installation of common development tools and libraries (tailwindcss, lucide-react) via npm and npx. These are well-known services and the recommendations follow standard industry practices.
Audit Metadata