design-critique
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill provides instructions for analyzing external data fetched via tools. While this is an ingestion point for untrusted data, the skill lacks 'write' or 'execute' capabilities required for exploitation.
  - Ingestion points: WebFetch, Read, and mcp__claude-in-chrome__* tools.
  - Boundary markers: None explicitly defined in the instructions.
  - Capability inventory: UI/UX critique and browser-based navigation.
  - Sanitization: None specified in the skill content.
- Malicious Code (SAFE): No scripts or binaries are included; the skill is entirely composed of instructional content.
- Prompt Injection (SAFE): No attempts to override constraints or extract system prompts were detected in the text.
Audit Metadata