Skills
skills/jasny/perfect-agent/pixel-perfect/Gen Agent Trust Hub

pixel-perfect

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a bundled shell script scripts/validate-visual.sh to perform automated visual regression testing using ImageMagick and jq.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it interacts with and measures untrusted content from external websites.\n
  • Ingestion points: External web pages accessed via Chrome DevTools or Playwright MCP servers and user-supplied images.\n
  • Boundary markers: Explicit instructions such as 'The reference is ground truth' and 'Do not redesign' serve as behavioral guardrails to prevent deviation from the visual replication task.\n
  • Capability inventory: The agent can execute arbitrary JavaScript in the browser context via evaluate_script and execute local shell commands via the bundled validation script.\n
  • Sanitization: The skill focuses on extracting numeric styling data (geometry, CSS values), which reduces the risk of following instructions embedded in the target page text.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 04:54 AM