prefab-ui
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes a reactive templating system (`{{ expression }}`) and an `Rx` expression builder that interpolates state data into UI components and action arguments, creating a surface for indirect prompt injection.
  - Ingestion points: Data enters the agent's context through user inputs (e.g., `Input`, `Form`) and results from external tools mapped to state via the `result_key` parameter in `CallTool` actions.
  - Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions when rendering data from untrusted sources into components like `Markdown` or `Text`.
  - Capability inventory: The skill supports triggering powerful actions such as `CallTool`, `SendMessage`, and `OpenLink` using values derived from client-side state.
  - Sanitization: There is no mention of sanitization, escaping, or validation of data before it is interpolated into templates or passed to actions like `SendMessage`.
Audit Metadata