ui5-best-practices-integration-cards

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns or security risks were detected. All external references point to official SAP UI5 documentation or well-known OData testing services.
  • [COMMAND_EXECUTION]: The skill describes a standard local development workflow for previewing components.
  • Evidence: Section 4 instructs the agent to create an HTML entry point and run a local HTTP server to preview the card's behavior.
  • [PROMPT_INJECTION]: The skill defines a surface for processing external structured data, which is standard for development-oriented agents.
  • Ingestion points: User-provided manifest.json files and external OData service responses specified in the card configuration.
  • Boundary markers: The skill does not explicitly instruct the agent to use XML-style delimiters for these data sources.
  • Capability inventory: Access to tools for creating integration cards, validating manifests, and local file system operations.
  • Sanitization: The instructions mandate the use of the run_manifest_validation tool to ensure manifest integrity before concluding tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 10:57 PM
Security Audit — agent-trust-hub — ui5-best-practices-integration-cards