nuxt-visual-development
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill initiates a local development server using
bun run devand captures screenshots usingnpx playwright screenshot. These are standard commands for frontend development and visual regression testing. - [EXTERNAL_DOWNLOADS]: The use of
npx playwrightmay result in the download of the Playwright library and browser binaries from official package registries. This is expected behavior for this tool. - [DATA_EXFILTRATION]: The workflow saves screenshots of the local application to the
/tmpdirectory for analysis by the agent. No network activity targeting untrusted external domains was identified; all operations are centered onlocalhost:3000. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it captures and 'reads' screenshots of a locally-hosted web application which could contain instructions.
- Ingestion points: Local web content at
localhost:3000via Playwright screenshots inSKILL.md. - Boundary markers: None present.
- Capability inventory: Command execution via
bunandnpxinSKILL.md. - Sanitization: No content sanitization is applied to the visual data before it is processed by the agent.
Audit Metadata