vaporwave-glassomorphic-ui-designer
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by directing the agent to use
mcp__firecrawl__firecrawl_searchto retrieve 2025 UI trends and patterns from the web. This untrusted external data could potentially contain malicious instructions designed to subvert the agent's logic.\n - Ingestion points: Data is fetched via search tools as outlined in the Design Discovery Workflow in SKILL.md.\n
- Boundary markers: The skill lacks specific delimiters or instructions to treat external content as untrusted data, increasing the risk of the agent following instructions embedded within the fetched content.\n
- Capability inventory: The agent has permissions for
Read,Write, andEdit, and uses specialized tools likemcp__magic__21st_magic_component_builderwhich could be manipulated.\n - Sanitization: There is no evidence of a validation or sanitization process for data retrieved from external URLs before it is used for component generation.\n- [NO_CODE]: This skill consists entirely of Markdown documentation and code snippets for reference. It does not include any executable scripts (e.g., .py, .js, .sh) or binaries that would be executed by the agent.
Audit Metadata