visual-alignment-audit

Pass

Audited by Gen Agent Trust Hub on Jul 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external websites (the 'REFERENCE' site). An attacker could place malicious instructions on a website that the agent is auditing to influence the agent's behavior during the audit process.
  • Ingestion points: The mcp__claude-in-chrome__javascript_tool is used to read text content and styles directly from external URLs.
  • Boundary markers: The instructions lack explicit delimiters or warnings to the agent to ignore embedded instructions within the fetched site data.
  • Capability inventory: The agent has the ability to run JavaScript in the browser environment, take screenshots, and modify local project files (CSS and HTML) to apply 'fixes'.
  • Sanitization: There is no evidence of filtering or sanitization of the content retrieved from the reference site before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill utilizes dynamic execution by generating JavaScript snippets to be executed in a browser environment via the mcp__claude-in-chrome__javascript_tool. While the provided script templates are functional and benign, this mechanism involves runtime execution of code generated by the agent based on instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 14, 2026, 10:28 AM
Security Audit — agent-trust-hub — visual-alignment-audit