Skills
skills/lintendo/axhub-make/local-axure-workflow/Gen Agent Trust Hub

local-axure-workflow

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local script node scripts/check-app-ready.mjs to verify the generated code, which involves local process execution based on internal skill logic.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted content from local files like content.md and sitemap.json without sanitization.
  • Ingestion points: Data is ingested from local project files including sitemap.json, content.md, and theme.json.
  • Boundary markers: No explicit markers are used to isolate untrusted content from the agent's instructions.
  • Capability inventory: The agent has permissions to read/write files, list directories, and execute shell commands via node.
  • Sanitization: No evidence of sanitization or instruction-stripping for the processed text content is provided.
  • [EXTERNAL_DOWNLOADS]: The skill uses MCP tools to fetch external online screenshots if a project URL is detected in the sitemap data, introducing a dependency on external sources controlled by the input data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 07:42 AM