aesthetic-system
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external websites to inform its design decisions. * Ingestion points: Browser automation tools are used to navigate to and capture data from external URLs in references/browser-helpers.md. * Boundary markers: There are no explicit delimiters or safety instructions provided to ensure the agent ignores commands found within the analyzed web content. * Capability inventory: The skill has the ability to spawn additional agents (SKILL.md), perform computer control actions, and execute CLI commands. * Sanitization: External content is used to derive design parameters and prompts for other agents without prior validation.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the gemini command-line tool to perform design research (SKILL.md).
Audit Metadata