sleek-design-mobile-apps
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch icon assets (SVGs) from https://api.iconify.design, which is a well-known and trusted service for icons.
- [COMMAND_EXECUTION]: To handle large payloads efficiently, the skill suggests using shell commands (e.g., curl or wget piped to a file) to save component HTML directly to the local disk.
- [DATA_EXFILTRATION]: The skill transmits user instructions and optional reference image URLs to https://sleek.design to generate designs. This is the primary function of the skill and is explicitly documented.
- [INDIRECT_PROMPT_INJECTION]: The skill processes content (HTML, assistant text) generated by an external AI service. While this represents a potential injection surface, it is a standard risk for integration tools and is mitigated by the skill's specific focus on UI design and asset generation.
  - Ingestion points: API responses from https://sleek.design containing HTML code and assistant messages.
  - Boundary markers: None explicitly defined for external content.
  - Capability inventory: File system writes (saving HTML and images) and network requests.
  - Sanitization: No specific sanitization of the fetched HTML is mentioned before saving.
Audit Metadata