frontend-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (findings: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection via user-provided visual references. It mandates a workflow where design guidelines are extracted from screenshots and then directly applied to code implementation.
  - Ingestion points: User-provided screenshots, photos, and design references (documented in SKILL.md and design-extraction-overview.md).
  - Boundary markers: Absent. The extraction templates in extraction-prompts.md do not instruct the model to ignore or sanitize text-based instructions found within analyzed images.
  - Capability inventory: The skill generates and implements executable frontend code (HTML/CSS/JS) and runs system-level scripts.
  - Sanitization: No evidence of sanitization for data extracted from visual inputs before its use in code generation.
- COMMAND_EXECUTION (LOW): The skill relies on shell commands to run internal Python scripts for batch processing and media optimization.
  - Evidence: references/ai-multimodal-overview.md and references/technical-workflows.md show the execution of python scripts/gemini_batch_process.py and python scripts/media_optimizer.py with arguments derived from user prompts.
  - Risk: While these are internal scripts, passing user-supplied prompts as CLI arguments can lead to argument injection if the scripts do not handle input safely.
Audit Metadata