psd-json-preview
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill performs its stated function of generating code from design data. No evidence of credential theft, network exfiltration, or persistence mechanisms was found.
- [PROMPT_INJECTION]: The skill ingests untrusted data from an external JSON file and interpolates it into generated code, creating a surface for indirect prompt injection. While core text content is escaped, some HTML attributes in the preview generator lack sanitization.
- Ingestion points: Design data enters the context via the
--jsonfile path argument inscripts/generate_preview.py. - Boundary markers: None. The script does not utilize delimiters or specific instructions to prevent the execution of embedded commands in layer names.
- Capability inventory: The skill has file system write access to the specified output directory to create HTML, CSS, and component files.
- Sanitization: The React and Vue generators correctly use
html.escape. However, the HTML preview generator inscripts/generators/html_generator.pyinterpolates layer names intoaria-labelattributes without escaping, which could lead to XSS if a malicious JSON file is processed.
Audit Metadata