resonance-frontend
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) due to its core operational design.
  - Ingestion points: The visual_code_anchoring.md protocol requires the agent to ingest and create functional maps from UI screenshots. The skill also reads and edits existing project source files via read_file and edit_file.
  - Capability inventory: The agent has access to run_command (arbitrary shell execution), write_file, and edit_file, allowing for significant system and project impact.
  - Boundary markers: Absent; there are no instructions to use delimiters or to ignore embedded natural language commands within the data it processes.
  - Sanitization: Absent; no validation or filtering of content extracted from external visuals or files is mentioned before the agent uses that content to drive logic or command execution.
- COMMAND_EXECUTION (MEDIUM): The skill utilizes the run_command tool for tasks like running Lighthouse audits (references/accessibility_a11y.md) and build processes. This tool lacks constraints or validation checks, providing a direct execution path for any instructions successfully injected via untrusted data.
Recommendations
- AI detected serious security threats