skills/howells/arc/polish/Gen Agent Trust Hub

polish

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external web pages and local files without sanitization.
      ◦ Ingestion points: Browser screenshots captured via MCP tools (mcp__claude-in-chrome, agent-browser) and local markdown files in the rules/ and references/ directories.
      ◦ Boundary markers: Absent. There are no instructions to the agent to disregard instructions that might be embedded in the UI text of the screenshots or within the design guidelines.
      ◦ Capability inventory: The skill can navigate to arbitrary URLs, capture visual data, read local documentation, and apply code modifications to the project using Tailwind CSS classes.
      ◦ Sanitization: None. The skill does not validate or filter the text content retrieved from the browser environment.
  • [SAFE]: No malicious patterns such as credential exfiltration, remote code execution from unknown sources, or persistence mechanisms were detected. The use of browser automation tools is appropriate for the skill's stated purpose of visual auditing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 09:28 AM