audit-ui

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions involve the use of shell commands to manage the audit workflow. This includes using curl to verify the availability of the target web server, pkill to manage Chromium-based browser processes in case of session lock contention, and standard Unix utilities (find, ls, wc) to inventory and report on audit findings.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because, during the audit, it processes untrusted content from web pages through a browser tool.
  • Ingestion points: Browser-rendered content and project configuration files (like sitemap.xml) accessed via the /run-agent-browser tool.
  • Boundary markers: The subagent prompt templates do not implement specific boundary markers or 'ignore' instructions for content retrieved from the browser.
  • Capability inventory: Subagents are equipped with the /run-agent-browser tool for navigation and interaction, the Agent tool for dispatching further sub-tasks, and file system access for writing findings.
  • Sanitization: No explicit sanitization or filtering of web content is performed before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 10:41 PM
Security Audit — agent-trust-hub — audit-ui