visual-prompt-engine
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill implements an indirect prompt injection surface (Category 8) by scraping and processing content from an external website.
- Ingestion points: `scripts/scrape_dribbble.py` fetches titles and descriptions from dribbble.com.
- Boundary markers: Absent. The skill does not define specific delimiters or instructions for the agent to ignore commands within the scraped data.
- Capability inventory: The data is used for generating text prompts; no high-risk capabilities like shell execution or file writing are exposed to the external content.
- Sanitization: Minimal. The scraper uses regex to remove HTML tags but does not filter for instructional keywords.
- External Downloads (LOW): The `scripts/scrape_dribbble.py` script uses `urllib.request` and optionally `requests` to fetch data from dribbble.com. As this domain is not on the predefined whitelist, the network activity is flagged as a low-level concern.
Audit Metadata