web-design-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its interaction with untrusted external data.
  - Ingestion points: The skill instructions in SKILL.md direct the agent to navigate to and take snapshots of live websites using browser tools.
  - Boundary markers: There are no instructions or delimiters provided to the agent to help it distinguish between its own system instructions and potentially malicious instructions embedded in the content of the websites it reviews.
  - Capability inventory: The skill encourages the agent to modify local source code (SKILL.md and references/framework-fixes.md) based on the visual inspection of these external sites, creating a risk path if a site contains hidden instructions.
  - Sanitization: No sanitization, filtering, or validation of the ingested web content is performed before the agent processes it.
- [SAFE]: The Python script scripts/css-risk-audit.py is a benign utility for static analysis of local files.
  - It utilizes standard Python libraries (re, pathlib, argparse) to scan for common CSS layout risks like fixed widths and overflow hidden patterns.
  - It performs no network operations, dynamic code execution, or unauthorized file system access.
- [SAFE]: The documentation and checklists provided in the references/ directory consist of static information and safe code snippets for manual application by the developer.
Audit Metadata