layout-architect

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Arbitrary File Access and Path Traversal. The entry point in src/index.ts utilizes yargs to accept --input and --out file paths from the user. These paths are resolved using path.resolve without any boundary checks or validation against a secure base directory. This allows a user or a malicious process to point the tool to sensitive system files (e.g., SSH keys or configuration files) for reading, or to specify arbitrary output locations to overwrite critical files with generated CSS content.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The generateMarpCSS function in src/lib.ts performs direct string interpolation of properties from the MasterSlideSpecs object into a CSS template literal without escaping or sanitization.
  • Ingestion points: Specification data enters the skill via the file read from specsPath in src/index.ts.
  • Boundary markers: The skill does not employ boundary markers or instructions to ignore embedded malicious sequences within the processed design specifications.
  • Capability inventory: The skill possesses file-system read (fs.readFileSync) and write (safeWriteFile) capabilities.
  • Sanitization: There is no evidence of validation or escaping for the data fields before they are embedded into the resulting CSS, which could lead to CSS injection if the source specification file is compromised.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 4, 2026, 11:06 PM