graphicode-ui-designer

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill automatically performs git commits using the git commit command after design modifications are confirmed.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes data from external files that are used to influence code generation and repository actions.
      ◦ Ingestion points: Reads project configuration (graphig.md), design specification files, and source code files (TSX and Less).
      ◦ Boundary markers: Absent. The skill lacks instructions to treat file content as untrusted data or to use delimiters to separate data from instructions.
      ◦ Capability inventory: Extensive file system access (read/write) and command execution (git commit).
      ◦ Sanitization: Absent. There is no evidence of validation or sanitization of the content retrieved from external files before it is processed by the model.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 21, 2026, 11:52 AM