browser-layout-editor
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill structure includes a surface for indirect prompt injection via the processing of untrusted layout data.
  - Ingestion points: The system loads data from layout.json via layout_io.py and receives updates through FastAPI endpoints in server.py.
  - Boundary markers: There are no explicit boundary markers or warnings provided to prevent the agent or UI from following instructions embedded in data fields like item.name.
  - Capability inventory: The skill is capable of filesystem read/write operations and running a local web server.
  - Sanitization: The implementation uses Pydantic for schema validation but does not include sanitization of strings before they are rendered in the SVG frontend, representing a minor security surface.
- [EXTERNAL_DOWNLOADS]: The skill identifies fastapi and uvicorn as dependencies in pyproject.toml. These are well-known, official packages from the Python Package Index used for their intended purpose of serving the editor UI.
Audit Metadata