ui-designer

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill processes user-supplied Markdown files and images to generate prompts for subagents, creating an indirect prompt injection surface where malicious instructions in input files could influence agent behavior.
  • Ingestion points: Reads project idea files, reference images, and existing PRD documents from the local file system.
  • Boundary markers: Implements delimiters like HTML comments in templates (e.g., ) to isolate user-provided content.
  • Capability inventory: File system read/write in documents/ and assets/, subagent task execution, and shell environment scanning.
  • Sanitization: Input content is interpolated into templates without explicit sanitization or validation.
  • [COMMAND_EXECUTION]: Performs local environment scanning using find and grep commands to detect React projects. These are read-only operations used for setup verification.
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of common development tools and libraries (tailwindcss, lucide-react) via npm and npx. These are well-known services and the recommendations follow standard industry practices.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 03:58 PM
Security Audit — agent-trust-hub — ui-designer