responsive
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary functions—reading design documents, discovering routes via package.json, and automating browser screenshots—are consistent with its stated purpose of responsive design auditing.
- [DATA_EXPOSURE_&_EXFILTRATION]: Network activity is restricted to a user-provided local development server URL. There is no evidence of the skill accessing sensitive system files (like SSH keys or credentials) or transmitting data to external domains.
- [COMMAND_EXECUTION]: Command execution is limited to standard git operations (`git add`, `git commit`) for versioning the applied fixes. No unauthorized or dangerous shell commands were found.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from project files (design docs, package.json) and visual content from the website it audits. While this presents a standard surface for indirect prompt injection, the skill includes human-in-the-loop checkpoints (using `AskUserQuestion`) for route confirmation and fix validation, which mitigates the risk of autonomous malicious actions.
Audit Metadata