css-author
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's operational model introduces a surface for indirect prompt injection.
- Ingestion points: The skill is auto-invoked whenever the agent edits
.cssfiles, which are untrusted external data sources. - Boundary markers: No specific instructions or delimiters are provided to help the agent distinguish between CSS code and potentially malicious instructions embedded in comments.
- Capability inventory: The agent is authorized to use
Read,Write, andEdittools, providing a mechanism for file system manipulation if an injection is successful. - Sanitization: No methods for sanitizing or validating the input CSS content are defined in the skill.
Audit Metadata