frontend-design

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • Command Execution (MEDIUM): The skill documentation repeatedly instructs the agent to execute local Python scripts such as 'scripts/gemini_batch_process.py' and 'scripts/media_optimizer.py'. These files are not provided within the skill package, making their behavior and security posture unverifiable. Additionally, 'references/animejs.md' is missing.
  • Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it analyzes untrusted user-provided screenshots and images to extract design guidelines without adequate safety measures.
      1. Ingestion points: Visual data analyzed via the ai-multimodal skill.
      2. Boundary markers: Absent; prompt templates in 'references/extraction-prompts.md' do not include delimiters or instructions to ignore embedded malicious instructions.
      3. Capability inventory: Command execution of local Python scripts.
      4. Sanitization: None; extracted data is used directly to influence code generation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:11 PM