efecto-web-design
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @efectoapp/mcp package from the npm registry to provide its core functionality.
- [COMMAND_EXECUTION]: The documentation provides shell commands for the user to execute to set up the Efecto MCP server in various environments.
- [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface as it retrieves and processes design data from the Efecto canvas.
- Ingestion points: Data is read from the design document via the get_document and get_selection tools in SKILL.md.
- Boundary markers: There are no explicit delimiters or warnings used to isolate the data retrieved from the document.
- Capability inventory: The skill possesses extensive capabilities to modify web layouts, styles, and content via the Efecto MCP toolset.
- Sanitization: No evidence of sanitization or content validation for the retrieved design data is present.
Audit Metadata