uplift
Pass
Audited by Gen Agent Trust Hub on Jul 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes a surface for indirect prompt injection by processing content from external URLs.
- Ingestion points: Data is fetched from external websites using the
stardust:extracttool. - Boundary markers: The skill separates the brand extraction phase from the redesign logic and uses structured data keys to isolate attributes.
- Capability inventory: The tool can execute local file operations and use the system
opencommand. - Sanitization: It implements a 'Content sourcing scan' in Phase 2 and uses
[data-placeholder]for content verification, effectively neutralizing instructions embedded in the crawled content. - [COMMAND_EXECUTION]: The skill uses the system
opencommand to launch local HTML prototype files in the default browser. This is a functional requirement for previewing generated designs and is used safely within the skill's workflow.
Audit Metadata