design-polish
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute system commands for environment discovery, such as checking local development server ports using lsof and Get-NetTCPConnection, and verifying the Node.js version.
- [COMMAND_EXECUTION]: It executes an internal script, capture.cjs, located within the skill's root directory to perform screen captures and accessibility audits using axe-core.
- [EXTERNAL_DOWNLOADS]: The skill retrieves data from external design websites like Mobbin, Godly, and Dribbble via WebSearch and browser-based capture to identify design trends and perform gap analysis.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from external websites and uses the Edit tool to modify the project's source code based on that content.
  - Ingestion points: External design reference URLs and search results processed in Step 3 and Step 4 (SKILL.md).
  - Boundary markers: The skill lacks explicit delimiters or instructions to the model to ignore embedded commands within the retrieved external content.
  - Capability inventory: The skill has access to Bash, Write, and Edit tools, which can be used to modify local files and execute code.
  - Sanitization: There is no evidence of content sanitization or validation of the data retrieved from external URLs before it is used to generate code improvements in Step 7.