authoring-hi-fi
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill outlines a standard professional workflow for UI/UX designers and engineers using AI agents.
- [COMMAND_EXECUTION]: The skill instructs the agent to utilize a headless browser (referenced as
agent-browseror Playwright) to render generated code and capture screenshots for visual verification. This is a legitimate and core function of the skill's design-to-code purpose. - [EXTERNAL_DOWNLOADS]: The skill references industry-standard frameworks and tools including Tailwind CSS, React, shadcn/ui, and axe-core. These are trusted resources commonly used in frontend development pipelines.
- [PROMPT_INJECTION]: The skill describes ingesting external data sources such as wireframes and design-system tokens to drive the generation of code. While these inputs are processed by the agent, the skill provides specific guidelines on how to consume them (e.g., token-to-code mapping) which minimizes the risk of unintended behavior from the data.
- Ingestion points: Upstream wireframes and design-system tokens referenced in SKILL.md.
- Boundary markers: The skill establishes clear roles for the inputs (wireframes for structure, design systems for tokens), serving as conceptual boundaries for the agent.
- Capability inventory: The agent is authorized to use a headless browser for rendering and screenshotting.
- Sanitization: The process relies on the agent's internal logic to map tokens and structures, which acts as a filter for non-conforming inputs.
Audit Metadata