web-design-expert

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its untrusted data ingestion surface.
  • Ingestion points: The skill uses the WebFetch tool to retrieve content from external websites for discovery and research tasks, as noted in the SKILL.md allowed-tools list.
  • Boundary markers: The instructions do not define delimiters or explicit rules to disregard instructions found within data retrieved from external URLs.
  • Capability inventory: The skill has access to sensitive tools including Write and Edit for file manipulation, and several code-generation MCP tools (e.g., mcp__magic__21st_magic_component_builder) which can be influenced by poisoned inputs.
  • Sanitization: There is no mention of sanitization, validation, or filtering of the content fetched from external sources before it is interpreted by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 02:14 PM