audit-typography
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses a data ingestion surface that could be exploited by an attacker to influence the agent's behavior via malicious instructions embedded in analyzed files.
- Ingestion points: The
SKILL.mdworkflow instructs the agent to read and scan user-provided CSS and HTML files for typography-related properties. - Boundary markers: The instructions lack specific delimiters or system-level directives to differentiate between the analysis rules and natural language instructions that might be present in code comments within the target files.
- Capability inventory: The agent's capabilities are restricted to text analysis and reporting; it does not have access to command execution, filesystem modification, or network operations.
- Sanitization: No sanitization, filtering, or validation of the input file content is prescribed before processing.
- No Code (SAFE): A review of all 92 files confirms that the skill is composed entirely of static Markdown files. It does not contain scripts, binaries, or configuration files that could facilitate local or remote code execution, making the technical risk extremely low.
Audit Metadata