design-extractor
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The `scripts/setup.js` script automates installation of the `playwright` library and the Chromium browser. Both are well-known Microsoft tools for industry-standard browser automation.
- [COMMAND_EXECUTION]: The skill runs standard shell commands for environment validation and package installation through npm, pnpm, or yarn. The `scripts/extract.js` script drives the browser to navigate to and interact with target websites supplied by the user.
- [DATA_EXFILTRATION]: No unauthorized data exfiltration was detected. The skill reads public website data and stores it in the local `design-extractor/` directory. It does not access sensitive local files or transmit user data to external servers.
- [REMOTE_CODE_EXECUTION]: The script executes JavaScript in the target website's browser context via `page.evaluate`. This is core to its function (extracting computed styles and design tokens) and runs inside an isolated browser instance.
- [PROMPT_INJECTION]: The skill processes untrusted content from external URLs, which is an indirect prompt injection surface.
  - Ingestion points: `scripts/extract.js` captures HTML and CSS from remote websites and saves them to `raw.json` and `site.css` for the agent to analyze later.
  - Boundary markers: The skill does not currently wrap the extracted data in explicit boundary markers or instruct the agent to ignore commands embedded in it.
  - Capability inventory: The skill can write to the local file system and execute browser automation scripts.
  - Sanitization: `scripts/extract.js` removes `<script>` and `<style>` tags from extracted HTML components before the data is saved. This is basic sanitization: it strips executable and styling markup, but instruction-like text in the remaining HTML (visible text, comments, attribute values) and the CSS written to `site.css` reach the agent unchanged, which is why the missing boundary markers matter.