design-mirror
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes provided bash scripts (
scripts/screenshot.shandscripts/scrape_html.sh) which utilizecurlto interact with the Bright Data API. - [EXTERNAL_DOWNLOADS]: The skill downloads HTML content and screenshots from external, user-provided URLs for analysis.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing untrusted data from the internet. * Ingestion points: Untrusted HTML is scraped via
scripts/scrape_html.shand saved to/tmp/target_page.html. * Boundary markers: None; the skill lacks specific markers to separate untrusted data from analysis instructions. * Capability inventory: The skill possesses file write capabilities to modify the user's codebase (e.g.,tailwind.config.js,globals.css). * Sanitization: No explicit sanitization of the scraped HTML or extracted CSS tokens is performed before code generation.
Audit Metadata