design-compliance
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill contains hardcoded credentials (apvhn/apvhn) within the instructions for automated authentication during visual audits on development servers.
- [COMMAND_EXECUTION]: The skill is designed for high autonomy, performing automatic file modifications ("auto-fixes every violation in place") and driving a headless browser via Playwright without requiring user confirmation for the edits or interactions.
- [PROMPT_INJECTION]: The skill builds its ruleset by reading local documentation files which can be manipulated to influence the agent's behavior (Indirect Prompt Injection).
  - Ingestion points: **/CLAUDE.md, **/design-system.md, **/design-rules.md, .github/copilot-instructions.md, .github/instructions/*.md.
  - Boundary markers: Absent; the instructions do not specify any delimiters or safety markers to isolate embedded instructions in the source documentation.
  - Capability inventory: File system modification via the Edit tool, network navigation and interaction via Playwright, and extensive local file system read access.
  - Sanitization: Absent; the skill does not define a process for validating or sanitizing the rules extracted from the documentation files.
- [EXTERNAL_DOWNLOADS]: The skill fetches framework documentation and API details from the official PrimeVue website (primevue.org).
Recommendations
- AI detected serious security threats
Audit Metadata