material-3-expressive

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • SAFE (SAFE): The skill files consist of static markdown documentation and examples. No hardcoded credentials or data exfiltration patterns were detected.
  • EXTERNAL_DOWNLOADS (LOW): The maintenance section in SKILL.md directs users to install Playwright and Chromium to run the reference update script. These are trusted developer tools.
  • COMMAND_EXECUTION (LOW): The skill includes a Python script (update_m3_expressive_refs.py) to automate data collection from design websites. This is a local administrative task.
  • Indirect Prompt Injection (LOW): The skill possesses a vulnerability surface for indirect prompt injection.
      1. Ingestion points: External URLs (Material Design docs, GitHub) via the update script.
      2. Boundary markers: Absent in generated reference files.
      3. Capability inventory: Agent processes reference data to provide design decisions.
      4. Sanitization: Not verifiable from provided documentation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:07 PM