Skills
skills/erichowens/some_claude_skills/typography-expert/Gen Agent Trust Hub

typography-expert

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is configured with the WebFetch tool, creating a surface for indirect prompt injection where an agent could ingest malicious instructions from external websites while performing typography analysis.
  • Ingestion points: Untrusted data can enter the agent's context through the WebFetch tool when analyzing external URLs or CSS files (SKILL.md).
  • Boundary markers: There are no explicit delimiters or system instructions defined in the skill to treat fetched web content as untrusted or to ignore embedded instructions.
  • Capability inventory: The skill possesses the Read, Write, Edit, and WebFetch capabilities. This allows for a potential attack chain where external instructions could influence the agent to modify or overwrite local files.
  • Sanitization: The skill lacks logic to sanitize, validate, or filter content retrieved via WebFetch before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 12:12 PM