ui5-best-practices-integration-cards
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security risks were detected. All external references point to official SAP UI5 documentation or well-known OData testing services.
- [COMMAND_EXECUTION]: The skill describes a standard local development workflow for previewing components.
- Evidence: Section 4 instructs the agent to create an HTML entry point and run a local HTTP server to preview the card's behavior.
- [PROMPT_INJECTION]: The skill defines a surface for processing external structured data, which is standard for development-oriented agents.
- Ingestion points: User-provided manifest.json files and external OData service responses specified in the card configuration.
- Boundary markers: The skill does not explicitly instruct the agent to use XML-style delimiters for these data sources.
- Capability inventory: Access to tools for creating integration cards, validating manifests, and local file system operations.
- Sanitization: The instructions mandate the use of the run_manifest_validation tool to ensure manifest integrity before concluding tasks.
Audit Metadata