Skills
skills/mxyhi/ok-skills/critique/Gen Agent Trust Hub

critique

Warn

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses npx to download and run the impeccable package from the npm registry. It also performs dynamic script injection in the browser by creating a script element that loads detect.js from a locally-hosted server started by the skill.
  • [COMMAND_EXECUTION]: It executes shell commands to run the design scanner (npx impeccable), start a background 'live' server (npx impeccable live &), and stop the server (npx impeccable live stop). User-provided file paths or targets are passed as arguments to these commands, creating a potential command injection surface.
  • [EXTERNAL_DOWNLOADS]: The skill fetches external packages via npx and loads a script into the browser context from a local port.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from user-provided source files and browser console logs, creating a surface for indirect prompt injection.
  • Ingestion points: Reads project source files (HTML, JSX, TSX, Vue, Svelte) and browser console messages containing the [impeccable] prefix.
  • Boundary markers: Absent; the instructions do not implement delimiters or warnings to separate untrusted code content from the agent's logic.
  • Capability inventory: The skill can execute shell commands, perform browser automation/script injection, and read local files.
  • Sanitization: No evidence of validation or escaping for the content of the processed files or the captured console messages before they are processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 12, 2026, 08:43 PM