review-web-design
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection through its core functionality of processing external data.
  - Ingestion points: The skill is designed to ingest data from external websites via `WebFetch` and from source code or mockup files via `Read` and `Glob`.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard instructions that might be embedded within the processed content.
  - Capability inventory: Authorized tools include `Read`, `Grep`, `Glob`, and `WebFetch`. The skill does not have permissions for file system writes, subprocess execution, or arbitrary code evaluation.
  - Sanitization: No sanitization or input validation logic is present to filter content before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the retrieval of external content from the network for analysis.
  - Evidence: The metadata explicitly allows the `WebFetch` tool, and the procedure instructs the agent to fetch content from live URLs for design evaluation.
- [NO_CODE]: The skill package contains no executable scripts (e.g., Python, JavaScript, or Bash) and relies entirely on Markdown-based instructions for the agent.
Audit Metadata