ui-craft
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary focus is on establishing guardrails for user-facing UI work, including usability heuristics, accessibility checklists, and design system discipline.
- [COMMAND_EXECUTION]: The skill includes several utility scripts (
scripts/check-contrast.mjs,scripts/detect-token-drift.mjs, andscripts/validate-metadata.py). Analysis confirms these are zero-dependency scripts that perform local file reading and console reporting to assist in design audits. They do not perform network operations or access sensitive system files outside the provided project scope. - [DATA_EXPOSURE]: While
scripts/detect-token-drift.mjsscans project source directories to find raw color and spacing values, this is the intended functionality for identifying design system violations. No evidence of data exfiltration or transmission to external domains was detected. - [PROMPT_INJECTION]: The instructions establish strong internal guardrails and 'hard gates' to prevent the generation of poor-quality UI. There are no attempts to bypass safety filters or override the agent's underlying system instructions.
- [REMOTE_CODE_EXECUTION]: All scripts are provided locally within the skill and do not download or execute code from remote servers. Dependencies are limited to standard Node.js and Python libraries.
Audit Metadata