frontend-design
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its visual analysis workflow.
  - Ingestion points: The workflow for 'When User Provides Screenshot/Image/Design Reference' involves analyzing untrusted visual inputs using multimodal AI (SKILL.md, references/design-extraction-overview.md).
  - Boundary markers: The prompt templates provided in 'references/extraction-prompts.md' do not include delimiters or instructions for the AI to ignore potential commands embedded within the design assets.
  - Capability inventory: The agent has the capability to generate and write production-grade code (HTML/CSS/JS) and execute local automation scripts based on the results of the visual analysis (SKILL.md).
  - Sanitization: There is no evidence of sanitization, validation, or escaping of the design guidelines extracted from images before they are used to influence code generation or script execution parameters.
- [COMMAND_EXECUTION]: The skill's operational workflows rely on executing local Python scripts to perform media optimization and batch processing.
  - Evidence: Instructions include running `python scripts/gemini_batch_process.py` and `python scripts/media_optimizer.py` for asset generation, analysis, and optimization (references/ai-multimodal-overview.md, references/technical-overview.md).
- [EXTERNAL_DOWNLOADS]: The skill interacts with external AI services for media generation and vision analysis tasks.
  - Evidence: Implementation details reference the use of Google's Imagen 4 and Gemini 2.5 Flash models for generating high-quality design assets and performing visual inspections (references/ai-multimodal-overview.md, references/technical-optimization.md).
Audit Metadata