add-visual-reference
Pass
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to manage the file system and verify the project state. Specifically, it uses
mkdir -pto create directories for screenshots andbun run buildto verify the integrity of the generated JSON files. These operations are limited to the project scope and are consistent with the skill's stated purpose. - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill reads and writes to project-specific paths (
public/references/andsrc/content/references/). There is no evidence of access to sensitive system files, environment variables, or unauthorized network transmissions. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user input (e.g., website names, URLs, style descriptions) and incorporates them into JSON files and file paths (via slugs).
- Ingestion points: User-provided screenshot analysis and direct input for name, URL, and categories (SKILL.md).
- Boundary markers: None used; the agent relies on the user to confirm the extracted details before generation.
- Capability inventory: Subprocess calls for
mkdirandbun run build, and file write operations (SKILL.md). - Sanitization: The skill applies transformation logic (kebab-casing for slugs) and follows a strict JSON schema, which provides some level of structural validation.
Audit Metadata