visual-audit
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of natural language instructions for visual analysis. No code execution, network exfiltration, or hardcoded credentials were found in the provided file.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze external content (URLs and screenshots). While the skill itself is benign, processing attacker-controlled visual data is an inherent attack surface.
- Ingestion points: Untrusted data enters the context through images or URLs provided to the
/visual-auditcommand as defined in SKILL.md. - Boundary markers: The skill does not define specific delimiters or warnings to ignore embedded instructions within the designs being audited.
- Capability inventory: No dangerous tools or scripts are associated with this skill, mitigating the potential impact of an injection.
- Sanitization: No instructions are provided to sanitize or validate the content extracted from the visual inputs.
Audit Metadata