design-system-analyzer
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- DATA_EXFILTRATION (MEDIUM): Privacy risk via browser session exposure. The 'references/setup-guide.md' file explicitly guides users to run their primary Chrome instance with '--remote-debugging-port=9222'. This allows the AI agent to inherit the user's logged-in sessions, cookies, and private data, which could be accessed if the agent is directed to sensitive URLs.
- COMMAND_EXECUTION (MEDIUM): Unverifiable code execution. The 'SKILL.md' logic depends on scripts located in 'references/analysis-guide.md', which were not included in the provided files. This prevents a complete security audit of the code being executed in the browser context.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection surface. The skill extracts data from untrusted websites to populate a system prompt template. Evidence Chain: (1) Ingestion: Web content via DevTools in SKILL.md. (2) Boundaries: No clear delimiters for external data. (3) Capabilities: Subprocess navigation and DOM manipulation. (4) Sanitization: None detected.