wireframe-to-spec
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted image data (sketches, wireframes) using multimodal analysis. Maliciously crafted text within these images could attempt to influence the agent's output or behavior.
  - Ingestion points: Processes hand-drawn sketches, digital wireframes, and mockup images provided by the user (SKILL.md).
  - Boundary markers: No explicit instructions or delimiters are provided to the model to ignore potential text-based instructions found within the images.
  - Capability inventory: The skill uses the 'Write' tool to create specification files in the project directory and 'AskUserQuestion' to interact with the user (SKILL.md).
  - Sanitization: No specific sanitization or validation of the text extracted from images is described before it is used to generate output documentation.
Audit Metadata