skills/pedronauck/skills/ui-craft/Gen Agent Trust Hub

ui-craft

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The instructions are strictly focused on UI quality, accessibility, and adherence to design systems. No attempts to bypass safety filters or override agent behavior were detected.
  • [DATA_EXFILTRATION]: No hardcoded credentials, sensitive file access, or unauthorized network operations were found. The skill does not communicate with external domains.
  • [REMOTE_CODE_EXECUTION]: The skill does not download or execute remote scripts. It relies on local scripts for project-specific auditing.
  • [COMMAND_EXECUTION]: The skill includes Node.js and Python scripts (check-contrast.mjs, detect-token-drift.mjs, validate-metadata.py) to perform design-related checks. These are used locally and do not involve untrusted inputs.
  • [OBFUSCATION]: No evidence of Base64 encoding, hidden characters, or other obfuscation techniques was found in the documentation or scripts.
  • [DYNAMIC_EXECUTION]: No evidence of runtime code generation or unsafe deserialization of data was detected.
  • [DATA_EXPOSURE]: While the skill reads local project files (e.g., DESIGN.md, tokens.css), this is intended for its primary purpose of UI auditing and does not target sensitive system configuration files.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 05:24 PM
Security Audit — agent-trust-hub — ui-craft