css-development

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill triggers file-modification workflows based on the analysis of untrusted data from external files and user requests without proper isolation.
    - Ingestion points: User-provided requests, CSS files (e.g., components.css), and component markup analyzed during the 'Context Detection' phase.
    - Boundary markers: Absent. The skill provides no delimiters or instructions to the agent to ignore potentially malicious instructions embedded within code comments or component strings.
    - Capability inventory: The skill facilitates operations with side effects (filesystem writes) by routing to sub-skills like create-component and refactor.
    - Sanitization: There is no evidence of validation, escaping, or filtering mechanisms to neutralize malicious payloads in the processed data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:21 AM