skills/tw93/claude-health/ui/Gen Agent Trust Hub

ui

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to execute a local shell script (scripts/check-update.sh) to perform an update check when the skill is initialized.
  • [EXTERNAL_DOWNLOADS]: The scripts/check-update.sh script performs a network request to GitHub's raw content domain to retrieve version metadata from the author's repository.
  • [EXTERNAL_DOWNLOADS]: The skill documentation suggests using npx getdesign@latest to download and apply design presets from the npm registry, which is a well-known service.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection attack surface because it processes potentially untrusted external data.
  • Ingestion points: Untrusted data enters the agent context through user-provided screenshots, external source code repositories provided for reference, and design presets fetched via the getdesign utility.
  • Boundary markers: The skill does not explicitly define delimiters or instructions to ignore embedded commands within the analyzed visual or code inputs.
  • Capability inventory: The skill has access to shell execution (internal script), file system operations (grep, read, write), and browser rendering tools.
  • Sanitization: No explicit sanitization or validation logic is defined for the content extracted from external images or code files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 05:01 PM
Security Audit — agent-trust-hub — ui