Skills
skills/curiositech/some_claude_skills/web-design-expert/Gen Agent Trust Hub

web-design-expert

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection due to its reliance on external data.\n
  • Ingestion points: Data is ingested through the WebFetch tool (SKILL.md) and the mcp__magic__21st_magic_component_inspiration tool (references/tooling-integration.md).\n
  • Boundary markers: No delimiters or safety instructions are present to prevent the agent from obeying instructions embedded in the external content.\n
  • Capability inventory: The agent is authorized to use Write and Edit tools for file system access, and WebFetch for network communication (SKILL.md).\n
  • Sanitization: The skill does not implement sanitization or validation for the data retrieved from external design resources or websites.\n- [EXTERNAL_DOWNLOADS]: The skill uses WebFetch and specialized MCP tools to interact with external domains for design inspiration and logo retrieval. While this is consistent with its stated purpose, it establishes a network ingestion point for untrusted data from non-whitelisted domains.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 01:10 PM