skills/tw93/waza/ui/Gen Agent Trust Hub

ui

Pass

Audited by Gen Agent Trust Hub on Jul 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes an instruction for the agent to autonomously run a local script (scripts/check-update.sh) once per conversation to perform a version check. This is a legitimate maintenance feature.
  • [EXTERNAL_DOWNLOADS]: The update check script fetches a version file from the author's official GitHub repository (raw.githubusercontent.com/tw93/Waza). This targets a well-known service and the vendor's own infrastructure, which is considered safe.
  • [COMMAND_EXECUTION]: The instructions suggest recommending the use of 'npx getdesign' for brand presets and 'npx skills update' for updates. These utilize the well-known NPM registry to download and execute development tools.
  • [PROMPT_INJECTION]: The skill is subject to a potential indirect prompt injection surface because it processes untrusted inputs (UI screenshots and source code) while having command execution capabilities.
  • Ingestion points: User-supplied screenshots and component source code are processed in the SKILL.md workflows.
  • Boundary markers: The skill uses process-based flows like 'Screenshot Iteration Mode', but does not explicitly instruct the agent to ignore instructions embedded within the analyzed data.
  • Capability inventory: The agent can execute bash scripts and run CLI tools via npx and curl.
  • Sanitization: No specific filtering or sanitization of data extracted from external assets is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 11, 2026, 10:04 AM