skills/mblode/agent-skills/ux-audit/Gen Agent Trust Hub

ux-audit

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses local shell commands like git diff, ripgrep (rg), and fd to discover files and search for UX-related code patterns. These operations are essential for its function as an auditing tool and are confined to the local project directory.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it analyzes untrusted project code. (1) Ingestion points: Source files (.tsx, .ts, .js, .css) are read via git diff, rg, and fd. (2) Boundary markers: Absent. (3) Capability inventory: Local shell execution for searching and diffing. (4) Sanitization: Absent. This is a low-risk finding inherent to auditing agents.
  • [SAFE]: No malicious behaviors were detected. The skill does not exfiltrate data, access sensitive credentials, or execute code from untrusted remote sources. All external links point to authoritative documentation for React, Next.js, and web standards.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 06:06 AM
Security Audit — agent-trust-hub — ux-audit