impeccable
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Node.js scripts to manage a local iteration server and perform system checks. These processes are bound to the local loopback address (127.0.0.1) and are used exclusively for core functionality.
- [EXTERNAL_DOWNLOADS]: The design guidelines recommend using stock imagery from Unsplash for placeholders and mention font catalogs such as Google Fonts. These are well-known, trusted services used for legitimate design purposes.
- [PROMPT_INJECTION]: The iteration workflow ingests rendered HTML from the browser. The skill instructions mandate a planning phase and adherence to established design laws, providing a layer of protection against indirect prompt injection risks by ensuring the agent remains anchored to project-specific context.
- [DATA_EXFILTRATION]: The local bridge server implements a randomized token-based authentication mechanism and path traversal guards to secure project data during design iteration, preventing unauthorized access to files outside the project root.
Audit Metadata