screenshot-to-code
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection via the untrusted data (screenshots) it processes.
- Ingestion points: User-provided images and screenshots of UI designs (referenced in SKILL.md).
- Boundary markers: Absent. The instructions do not provide delimiters or specific warnings to the AI to ignore textual instructions that may be contained within the design images.
- Capability inventory: The skill has the capability to generate complete, runnable code in React, Vue, and HTML/CSS, which could be exploited to include malicious scripts if the AI is successfully injected.
- Sanitization: Absent. There is no instruction to sanitize or validate text content extracted from the images before it influences the code generation process.
Audit Metadata