visual-component-finder

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled Python script (scripts/build-component-index.py) and standard shell commands such as git and grep to generate and search a component index. These operations are local and consistent with the skill's purpose of codebase analysis.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it reads and processes untrusted data from the repository and vision-processed screenshots.
      • Ingestion points: The script scripts/build-component-index.py reads TypeScript and HTML files from the repository, and the agent processes user-provided screenshots.
      • Boundary markers: There are no explicit markers or safety instructions in the workflow to differentiate between data and instructions when reading file contents.
      • Capability inventory: The skill allows the execution of bash commands and the indexing script, which could be exploited if malicious instructions in source files influence agent behavior.
      • Sanitization: No sanitization is performed on the text extracted from codebase files or screenshots before it is used in the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 08:38 AM