aesthetic-guide

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection through its research protocol.
      • Ingestion points: Step 3 of the workflow involves conducting web research on untrusted external sites to gather implementation details.
      • Boundary markers: None. The instructions do not specify any delimiters or warnings to ignore instructions found within the researched content.
      • Capability inventory: The skill has the capability to write files to the filesystem (Step 6: .claude/docs/{aesthetic-name}-design-system.md). The output is explicitly intended to be consumed by other 'coding agents'.
      • Sanitization: Absent. There is no logic to filter or sanitize the extracted values (hex codes, CSS, font names) from potentially malicious text embedded in the source websites.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill performs web research to gather design data. Per [TRUST-SCOPE-RULE], this is a low-severity finding on its own as it's a core feature, but it acts as the primary attack vector for the injection risk mentioned above.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 11:35 AM