visual-alignment-audit
Pass
Audited by Gen Agent Trust Hub on Jul 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external websites (the 'REFERENCE' site). An attacker could place malicious instructions on a website that the agent is auditing to influence the agent's behavior during the audit process.
- Ingestion points: The
mcp__claude-in-chrome__javascript_toolis used to read text content and styles directly from external URLs. - Boundary markers: The instructions lack explicit delimiters or warnings to the agent to ignore embedded instructions within the fetched site data.
- Capability inventory: The agent has the ability to run JavaScript in the browser environment, take screenshots, and modify local project files (CSS and HTML) to apply 'fixes'.
- Sanitization: There is no evidence of filtering or sanitization of the content retrieved from the reference site before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill utilizes dynamic execution by generating JavaScript snippets to be executed in a browser environment via the
mcp__claude-in-chrome__javascript_tool. While the provided script templates are functional and benign, this mechanism involves runtime execution of code generated by the agent based on instructions.
Audit Metadata