impeccable

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill automates design and maintenance tasks using Node.js scripts that execute subprocesses. Key operations include starting a local design server (live-server.mjs), applying design variants to source files (live-accept.mjs, live-wrap.mjs), and managing CSP headers (detect-csp.mjs). These scripts utilize execSync, execFileSync, and spawn to run shell commands.
  • [COMMAND_EXECUTION]: The pin.mjs script allows the creation and deletion of skill shortcuts by writing SKILL.md files and creating directories within the agent's harness configuration folders (e.g., .agents/skills, .cursor/skills).
  • [EXTERNAL_DOWNLOADS]: For real-time design experimentation, the skill injects a <script> tag into project files to load the element picker and snapshot logic from a local server (localhost).
  • [DATA_EXFILTRATION]: The skill exposes project source code to the browser-side element picker via a /source endpoint on the local helper server. Access to this data is protected by a randomly generated UUID token generated at server startup.
  • [PROMPT_INJECTION]: The skill ingests untrusted project context from PRODUCT.md and DESIGN.md to align design output with brand guidelines, creating a surface for indirect prompt injection.
  • Ingestion points: scripts/load-context.mjs reads context files from the project root or specified documentation directories.
  • Boundary markers: The processing logic does not employ specific delimiters or warnings to ignore instructions embedded in these files.
  • Capability inventory: The skill can modify project source files (scripts/live-accept.mjs), execute local scripts (scripts/live.mjs), and manage agent shortcuts (scripts/pin.mjs).
  • Sanitization: Content from project context files is consumed directly without specialized sanitization or instructional filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 11:03 PM
Security Audit — agent-trust-hub — impeccable