visual-style
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions in references/extractors/from-website.md, references/extractors/from-pdf.md, and references/extractors/from-video.md direct the agent to fetch and analyze content from external URLs provided by the user. While this is a primary function of the skill, it involves interacting with potentially untrusted remote content.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted external data to generate a style_prompt_full field, which is later used as instructional input for other tools (e.g., HeyGen, Figma).
  - Ingestion points: External content is ingested via references/extractors/from-website.md (website URLs), references/extractors/from-pdf.md (uploaded PDFs), and references/extractors/from-video.md (video URLs).
  - Boundary markers: Analysis of the extraction prompts in the referenced files shows an absence of explicit boundary markers or instructions to ignore embedded natural language commands within the source data.
  - Capability inventory: The skill generates executable HTML/CSS code in references/connectors/html-slides.md and instructs the agent to call external tools (HeyGen Video Agent) in references/connectors/heygen-video-agent.md using the extracted style prompts.
  - Sanitization: There is no evidence of sanitization or validation logic to filter out potentially malicious instructions from the extracted visual style fields before they are passed to downstream connectors.
Audit Metadata