ux-reviewer
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious instructions, obfuscation, or unauthorized exfiltration patterns were identified in the skill files. The workflow is restricted to generating text-based UX audits.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its requirement to process untrusted external data.
- Ingestion points: In Step 1 of
SKILL.md, the agent is instructed to collect and inspect live URLs, screenshots, Figma frames, and local repository files. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the auditing logic.
- Capability inventory: The agent generates structured markdown audits and remediation order lists in Step 8, which can influence subsequent human or agent actions.
- Sanitization: The skill does not describe any methods for sanitizing or validating the content of the external audit artifacts.
Audit Metadata