local-axure-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local script (node scripts/check-app-ready.mjs) to verify the state of generated pages. This is a capability to run system commands, which becomes a risk if paths or arguments are derived from unvalidated external data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external files (sitemap.json, theme.json, content.md) to guide code generation and project structuring.
      • Ingestion points: Processes sitemap.json, theme.json, and content.md from the local project directory.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the processed data are defined.
      • Capability inventory: Includes file-writing to the local repository and execution of Node.js scripts.
      • Sanitization: No visible mechanisms to sanitize or validate the content of the Axure export files before processing.
  • [EXTERNAL_DOWNLOADS]: The skill includes functionality to use MCP tools for fetching online resources if a projectUrl is found in the local configuration, potentially allowing external network requests.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 04:47 AM