web-css
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted natural language descriptions to generate executable code. Ingestion points: User input is accepted through the `--input` CLI flag and the `task` field in API requests (documented in SKILL.md). Boundary markers: No clear delimiters or instructions to ignore embedded commands are present in the skill's usage patterns. Capability inventory: Documentation outlines capabilities for writing files and executing shell-based CSS processors. Sanitization: There is no mention of input validation or sanitization to prevent adversarial instructions from influencing the output.
- [COMMAND_EXECUTION]: The integration notes provide examples of shell command execution, specifically suggesting that users pipe output to tools like `postcss` or use `openclaw-sdk` to run tasks. This encourages a workflow where the agent interacts with the underlying operating system based on generated content.
Audit Metadata