css-first
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill instructs the agent to fetch live data from unpkg.com (specifically `web-features` and `browser-compat-data` JSON files) to ensure browser support information is current. While these are legitimate data sources, they represent external dependencies.
  - Evidence: `references/live-mdn-fetch.md` directs the agent to fetch from `https://unpkg.com/web-features/data.json` and `https://unpkg.com/@mdn/browser-compat-data/data.json`.
- COMMAND_EXECUTION (LOW): The skill contains rules encouraging the agent to use browser automation MCP servers (Playwright, Puppeteer, etc.) to visually verify CSS implementations.
  - Evidence: `references/rules/browser-verification.md` specifies a workflow using Playwright/Puppeteer to navigate to pages and take screenshots for rendering verification.
- PROMPT_INJECTION (LOW): The behavioral rules include strong directives to prioritize CSS over JavaScript, which acts as a domain-specific override of the agent's default logic.
  - Evidence: `references/rules/css-only-enforcement.md` states: 'ALWAYS prioritize CSS-only solutions. NEVER suggest JavaScript when CSS can solve the problem.'
- INDIRECT PROMPT INJECTION (LOW): The skill possesses a vulnerability surface where external data is ingested and processed alongside high-capability browser tools.
  - Ingestion points: `references/live-mdn-fetch.md` (fetches JSON from unpkg.com).
  - Boundary markers: Absent for external JSON data.
  - Capability inventory: Browser automation (Playwright, Puppeteer) and network fetching.
  - Sanitization: Absent; the agent is expected to parse and act on the external JSON content directly.