Skills
skills/sliday/daub/daub-ui/Gen Agent Trust Hub

daub-ui

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill and the library reference various external resources from established content delivery networks and well-known service providers.
  • Fetches core CSS and JS assets from daub.dev, cdn.jsdelivr.net, and unpkg.com.
  • Connects to OpenRouter and Google Gemini APIs for its AI-powered UI generation and analysis features.
  • Integrates with the official Figma API for design specification extraction.
  • [COMMAND_EXECUTION]: The skill includes permissions for standard system tools used in software development workflows.
  • The SKILL.md file allows the use of the Bash tool, which is expected for coding-related tasks.
  • Internal development and testing scripts within the tools/ directory utilize execFileSync to run Node.js utilities.
  • [SAFE]: The project includes several proactive security features designed to protect users when interacting with AI-generated content.
  • UI previews are rendered within a sandboxed srcdoc iframe to provide complete CSS and JS isolation.
  • A custom sanitizeHtml function is used to filter HTML content against a whitelist of safe tags and attributes.
  • The isSafeUrl utility specifically blocks javascript:, data:, and vbscript: protocols in AI-generated URLs to mitigate XSS risks.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 06:22 AM
Security Audit — agent-trust-hub — daub-ui