app-copy
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core functionality of reading and rewriting UI strings.
  - Ingestion points: The skill scans JSX/TSX files, toast/notification messages, error boundaries, and empty state components (SKILL.md Phase 1).
  - Boundary markers: None identified. The agent is instructed to read strings directly without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill can write rewritten strings directly back into the codebase (SKILL.md Phase 7).
  - Sanitization: No explicit sanitization, validation, or escaping of ingested strings is performed before they are used to generate new output.
  - Autonomy Abuse: The instructions state, "If the codebase tells you, don't ask," which encourages autonomous action based on potentially untrusted data found within the source code.