Web Design Builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The README provides instructions for the user to install the Playwright MCP server (@playwright/mcp-server) via npm. This is a legitimate dependency for the skill's primary verification functionality.
- [PROMPT_INJECTION] (LOW): The skill processes user-provided specifications and existing code to generate or refactor web designs, creating a potential surface for indirect prompt injection. (1) Ingestion points: User-provided text specifications and existing source code files. (2) Boundary markers: Absent. (3) Capability inventory: File system write access (to save designs) and browser automation via Playwright MCP. (4) Sanitization: Absent.
- [NO_CODE] (SAFE): The provided skill package contains only documentation (README.md) and no executable scripts or logic that could be audited for behavioral risks.
Audit Metadata