web-css
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The documentation in SKILL.md references scaffold-css.js and check.js for automating CSS scaffolding and enforcing architectural rules. These scripts are not present in the skill files, posing a security risk if the agent is instructed to run unverified code or if the environment allows execution of missing local scripts.
- [PROMPT_INJECTION]: The skill is designed to ingest and modify untrusted CSS files from a user's project, creating an indirect prompt injection surface (Category 8). Evidence Chain: 1. Ingestion points: Reads project CSS files in the styles/ directory. 2. Boundary markers: No explicit delimiters or instructions are used to ignore embedded instructions in comments. 3. Capability inventory: The skill has file creation and modification capabilities for project CSS and scaffolding. 4. Sanitization: No validation or sanitization of ingested CSS content is defined.
Audit Metadata