ui-mockup

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE [PROMPT_INJECTION]
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from source files such as system design documents and user requirement prompts to generate mockups. This configuration creates a surface for indirect prompt injection (Category 8).
      • Ingestion points: Content is read from system-design-doc.md, CLAUDE.md, and user input to populate mockup templates.
      • Boundary markers: The skill includes mandatory checklists and rejection criteria to restrict agent behavior, although explicit delimiters for external input are not specified.
      • Capability inventory: The skill is designed to write multiple file formats (.md, .json, .html, .css, .js) to the project's .mockups/ directory.
      • Sanitization: The generated JavaScript template (master-page-template.js) includes an _escapeHtml helper function that utilizes textContent to prevent script injection in the final prototype output.
  • [EXTERNAL_DOWNLOADS]: The skill's HTML templates include a script reference to Tailwind CSS via a public CDN. This is documented neutrally as a common and expected practice for a frontend design tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 03:28 AM