ui
Pass
Audited by Gen Agent Trust Hub on Jul 11, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes an instruction for the agent to autonomously run a local script (scripts/check-update.sh) once per conversation to perform a version check. This is a legitimate maintenance feature.
- [EXTERNAL_DOWNLOADS]: The update check script fetches a version file from the author's official GitHub repository (raw.githubusercontent.com/tw93/Waza). This targets a well-known service and the vendor's own infrastructure, which is considered safe.
- [COMMAND_EXECUTION]: The instructions suggest recommending the use of 'npx getdesign' for brand presets and 'npx skills update' for updates. These utilize the well-known NPM registry to download and execute development tools.
- [PROMPT_INJECTION]: The skill is subject to a potential indirect prompt injection surface because it processes untrusted inputs (UI screenshots and source code) while having command execution capabilities.
- Ingestion points: User-supplied screenshots and component source code are processed in the SKILL.md workflows.
- Boundary markers: The skill uses process-based flows like 'Screenshot Iteration Mode', but does not explicitly instruct the agent to ignore instructions embedded within the analyzed data.
- Capability inventory: The agent can execute bash scripts and run CLI tools via npx and curl.
- Sanitization: No specific filtering or sanitization of data extracted from external assets is described.
Audit Metadata