agentic-website-design
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill contains instructional content and prompt templates that do not attempt to bypass AI safety guardrails or override system instructions.
- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials, API keys, or commands targeting sensitive files (e.g., SSH keys, environment variables) were identified.
- [COMMAND_EXECUTION] (SAFE): Recommends standard web development commands like
npm run devandnpm create astro. These are appropriate for the skill's purpose of local website development. - [EXTERNAL_DOWNLOADS] (SAFE): Mentions standard package managers (npm, npx, bun, pnpm) and reputable web frameworks (Astro, Next.js). No unverified or suspicious external dependencies are referenced.
- [REMOTE_CODE_EXECUTION] (SAFE): No instances of downloading and piping remote scripts directly to a shell or any other form of unverified remote execution were found.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill documentation describes a 'browser-in-the-loop' workflow where the agent ingests screenshots and logs. While this creates a potential surface for indirect injection if the agent visits a malicious site, the instructions are oriented toward development of the user's own code.
- Ingestion points: Viewport screenshots, console logs, and network requests via browser MCP tools.
- Boundary markers: Not explicitly defined in provided templates.
- Capability inventory: File writing (src/ components), local command execution (dev server), and JavaScript evaluation within the browser context.
- Sanitization: None specified; the skill relies on the underlying agent's native handling of visual and text data.
Audit Metadata