aesthetic
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references
gallery-dlto facilitate the downloading of design references. This is a common and appropriate tool for the intended purpose of design research. - [COMMAND_EXECUTION] (SAFE): Mentions using
bashto rungallery-dland media utilities such as FFmpeg and ImageMagick for image refinement. These tools are standard for the design and asset processing workflows described. - [DATA_EXFILTRATION] (LOW): Employs
chrome-devtoolsto read network requests and console logs from external websites. While intended for architectural analysis, this capability could inadvertently capture sensitive data like session tokens or API keys if used on authenticated sites. - [PROMPT_INJECTION] (LOW): Vulnerable to indirect prompt injection through the analysis of third-party design platforms.
- Ingestion points: External website content captured via screenshots and browser logs.
- Boundary markers: Absent; the skill lacks specific delimiters to separate external data from agent instructions.
- Capability inventory: Command execution via
bash, file system access for documentation, and browser automation. - Sanitization: There is no explicit process for sanitizing or validating information extracted from external inspiration sources.
Audit Metadata