prototype
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes system commands to facilitate the development workflow.
- Uses platform-specific commands (
open,xdg-open,start) to launch the default web browser and display prototype viewers. - Relies on the GitHub CLI (
gh) to perform repository authentication, clone external repositories, and create pull requests during the showcase publishing flow. - [EXTERNAL_DOWNLOADS]: The skill downloads content from external sources as part of its publishing feature.
- Clones the stardust showcase repository from
paolomoz/stardust-siteon GitHub when the--publish-sampleflag is used. - [DATA_EXFILTRATION]: The skill facilitates the transfer of project artifacts to external repositories.
- The
--publish-samplefeature is designed to stage and push locally generated prototype HTML files and associated design metadata to a remote repository on GitHub. - [PROMPT_INJECTION]: The skill processes untrusted external data which constitutes an attack surface for Indirect Prompt Injection (Category 8).
- Ingestion points: Reads captured website content from
stardust/current/pages/<slug>.jsonand renders it into proposed redesigns. It also embeds live URLs in iframes withallow-scriptspermissions for comparison. - Boundary markers: Implements structured provenance comment blocks (
stardust:provenance) in generated HTML files to track input artifacts and direction. - Capability inventory: Performs file system writes (writing HTML and Markdown files), executes shell commands (
gh, browser openers), and invokes theimpeccableskill to perform complex creative tasks. - Sanitization: Employs a 'Content sourcing scan' and validation of token/attribute contracts, though it does not explicitly detail sanitization or escaping of executable content (e.g.,
<script>tags) present in the source website JSON data.
Audit Metadata