design-lookup
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes content from external, third-party websites such as CodePen and UIVerse. Malicious instructions embedded in these resources could influence the agent's behavior.
  * Ingestion points: The scripts/fetch-page.py script retrieves content from arbitrary external URLs.
  * Boundary markers: No specific delimiters are used to isolate tool output from system instructions.
  * Capability inventory: The agent can perform web searches and execute the local Playwright-based Python script.
  * Sanitization: No programmatic sanitization is performed on the scraped content; the skill relies on manual cleanup.
- [EXTERNAL_DOWNLOADS]: The skill fetches SVG icon assets from well-known repositories on GitHub, such as Lucide and Heroicons. These operations are part of the core functionality for design resource retrieval and target trusted organizations.
- [COMMAND_EXECUTION]: The skill uses a custom Python script (scripts/fetch-page.py) with Playwright to render pages. The script processes user-supplied URLs without validation, which could be leveraged to access internal network resources or local files via the browser engine if the agent is misled.
Audit Metadata