css-module-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION] (HIGH): High vulnerability to Indirect Prompt Injection.
  - Ingestion points: The skill is designed to process external frontend code, CSS, and web patterns.
  - Boundary markers: There are no delimiters or 'ignore embedded instructions' warnings in the skill configuration.
  - Capability inventory: The skill is authorized to use 'Bash', 'Write', and 'Edit', which allows for full system command execution and file modification.
  - Sanitization: No sanitization or verification logic is defined to handle untrusted code comments. An attacker could place malicious instructions in a CSS file that the agent might obey using its Bash access.
- [COMMAND_EXECUTION] (MEDIUM): The skill requests access to the 'Bash' tool. While appropriate for a generator, this capability significantly elevates the risk profile by providing a direct path for executing commands extracted from untrusted data.
- [NO_CODE] (INFO): The skill consists entirely of markdown instructions and metadata with no executable scripts or binaries provided in the package.
Recommendations
- AI detected serious security threats