web-typography
Warn
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: MEDIUMPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits significant metadata misalignment in the
SKILL.mdfile. The 'Instructions,' 'Error Handling,' and 'Examples' sections refer to 'ORM configuration,' 'authentication tokens,' and 'token refreshing.' These instructions are entirely unrelated to the skill's stated purpose of web typography and appear to be copied from a different context. This could mislead an AI agent into performing unauthorized or intrusive actions, such as searching for database credentials or environment files. - [PROMPT_INJECTION]: The skill's instructions explicitly direct the agent to 'Assess the current state of the ORM configuration' and 'Document the configuration for team reference.' Because the agent is provided with tools like
ReadandGrep, this could result in the unintended exposure of sensitive configuration data when a user only requested assistance with design or typography.
Audit Metadata