ux-audit
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands like
git diff,ripgrep(rg), andfdto discover files and search for UX-related code patterns. These operations are essential for its function as an auditing tool and are confined to the local project directory. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it analyzes untrusted project code. (1) Ingestion points: Source files (.tsx, .ts, .js, .css) are read via
git diff,rg, andfd. (2) Boundary markers: Absent. (3) Capability inventory: Local shell execution for searching and diffing. (4) Sanitization: Absent. This is a low-risk finding inherent to auditing agents. - [SAFE]: No malicious behaviors were detected. The skill does not exfiltrate data, access sensitive credentials, or execute code from untrusted remote sources. All external links point to authoritative documentation for React, Next.js, and web standards.
Audit Metadata