skylar-design-review

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from local component files which could contain malicious instructions designed to influence the agent's behavior during the audit or subsequent fix actions.
    • Ingestion points: Step 2 (Read the Component(s)) directs the agent to read .tsx, .stories.tsx, and CSS files provided by the user.
    • Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard natural language instructions that might be embedded within comments or strings in the analyzed code.
    • Capability inventory: The skill performs file read operations and has the capability to trigger file modifications and commits through the referenced skylar-visual-change workflow.
    • Sanitization: The skill does not implement any validation or sanitization of the code content before analysis or before offering to apply fixes based on that analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 05:31 PM