ui-craft
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The instructions are strictly focused on UI quality, accessibility, and adherence to design systems. No attempts to bypass safety filters or override agent behavior were detected.
- [DATA_EXFILTRATION]: No hardcoded credentials, sensitive file access, or unauthorized network operations were found. The skill does not communicate with external domains.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute remote scripts. It relies on local scripts for project-specific auditing.
- [COMMAND_EXECUTION]: The skill includes Node.js and Python scripts (
check-contrast.mjs,detect-token-drift.mjs,validate-metadata.py) to perform design-related checks. These are used locally and do not involve untrusted inputs. - [OBFUSCATION]: No evidence of Base64 encoding, hidden characters, or other obfuscation techniques was found in the documentation or scripts.
- [DYNAMIC_EXECUTION]: No evidence of runtime code generation or unsafe deserialization of data was detected.
- [DATA_EXPOSURE]: While the skill reads local project files (e.g.,
DESIGN.md,tokens.css), this is intended for its primary purpose of UI auditing and does not target sensitive system configuration files.
Audit Metadata