web-design-reviewer

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill's workflow involves analyzing the DOM and visual layout of external websites, which introduces a surface for indirect prompt injection. A malicious website could contain content designed to manipulate the agent into performing unintended code modifications or data access.
  • [INGESTION POINTS]: Content from external URLs is ingested through the browser_navigate and browser_snapshot capabilities.
  • [BOUNDARY MARKERS]: The skill does not explicitly define delimiters or specific instructions to disregard embedded commands within the external web data being processed.
  • [CAPABILITY INVENTORY]: The skill has permissions to read and write files in the local workspace and perform interactive browser actions.
  • [SANITIZATION]: There is no evidence of sanitization or filtering for the retrieved DOM structure before it is analyzed by the agent.
  • [COMMAND_EXECUTION]: To apply design corrections, the skill requires capabilities to read, search, and write to the project's source code files (e.g., CSS, React components, Vue files). This file system access is consistent with the skill's primary objective of fixing design issues.
  • [EXTERNAL_DOWNLOADS]: The documentation recommends the installation of the @playwright/mcp package from Microsoft. This tool is a well-known service from a trusted organization and is used here for standard browser automation tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 06:11 AM