ux-reviewer

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious instructions, obfuscation, or unauthorized exfiltration patterns were identified in the skill files. The workflow is restricted to generating text-based UX audits.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its requirement to process untrusted external data.
  • Ingestion points: In Step 1 of SKILL.md, the agent is instructed to collect and inspect live URLs, screenshots, Figma frames, and local repository files.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the auditing logic.
  • Capability inventory: The agent generates structured markdown audits and remediation order lists in Step 8, which can influence subsequent human or agent actions.
  • Sanitization: The skill does not describe any methods for sanitizing or validating the content of the external audit artifacts.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 04:11 PM
Security Audit — agent-trust-hub — ux-reviewer