openui-forge-zh

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell scripts, specifically scripts/detect-stack.sh and scripts/validate.sh, to automate project state detection and integration validation.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx @openuidev/cli@latest to download and execute the OpenUI project scaffolding tool.
  • [EXTERNAL_DOWNLOADS]: Fetches documentation for LLM reference from https://www.openui.com/llms-full.txt and https://www.openui.com/llms.txt.
  • [PROMPT_INJECTION]: Contains specific instructions to prevent indirect prompt injection when the agent reads external documentation, explicitly telling the agent not to follow commands found in the fetched text.
  • [SAFE]: Integrates with well-known third-party services including Google Gemini, Anthropic, Mistral, and DeepSeek via standard API endpoints and environment variable configuration (e.g., OPENAI_BASE_URL).
  • [SAFE]: Instructions correctly advise users to store sensitive credentials like API keys in .env files rather than hardcoding them.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 02:35 AM
Security Audit — agent-trust-hub — openui-forge-zh