web-design-reviewer
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it directs the agent to ingest content from live, untrusted websites and subsequently modify local source code. A malicious site could potentially include instructions to manipulate the agent's behavior or code modifications.
  - Ingestion points: Website snapshots, console messages, and network requests via Playwright MCP tools (scripts/css-risk-audit.py, SKILL.md).
  - Boundary markers: Not present; the instructions do not specify any delimiters or warnings to isolate untrusted web content from the agent's core instructions.
  - Capability inventory: The skill is intended to perform source code modifications and includes a script that reads local project files.
  - Sanitization: No explicit sanitization or validation of the ingested web content is described.
- [COMMAND_EXECUTION]: The skill provides a Python script (scripts/css-risk-audit.py) designed to scan local project files for risky CSS patterns. The script uses standard libraries (argparse, re, pathlib) and is restricted to specific file extensions, performing read-only operations to identify layout issues such as fixed widths or overflow settings.
Audit Metadata