impeccable
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automates design and maintenance tasks using Node.js scripts that execute subprocesses. Key operations include starting a local design server (
live-server.mjs), applying design variants to source files (live-accept.mjs,live-wrap.mjs), and managing CSP headers (detect-csp.mjs). These scripts utilizeexecSync,execFileSync, andspawnto run shell commands. - [COMMAND_EXECUTION]: The
pin.mjsscript allows the creation and deletion of skill shortcuts by writingSKILL.mdfiles and creating directories within the agent's harness configuration folders (e.g.,.agents/skills,.cursor/skills). - [EXTERNAL_DOWNLOADS]: For real-time design experimentation, the skill injects a
<script>tag into project files to load the element picker and snapshot logic from a local server (localhost). - [DATA_EXFILTRATION]: The skill exposes project source code to the browser-side element picker via a
/sourceendpoint on the local helper server. Access to this data is protected by a randomly generated UUID token generated at server startup. - [PROMPT_INJECTION]: The skill ingests untrusted project context from
PRODUCT.mdandDESIGN.mdto align design output with brand guidelines, creating a surface for indirect prompt injection. - Ingestion points:
scripts/load-context.mjsreads context files from the project root or specified documentation directories. - Boundary markers: The processing logic does not employ specific delimiters or warnings to ignore instructions embedded in these files.
- Capability inventory: The skill can modify project source files (
scripts/live-accept.mjs), execute local scripts (scripts/live.mjs), and manage agent shortcuts (scripts/pin.mjs). - Sanitization: Content from project context files is consumed directly without specialized sanitization or instructional filtering.
Audit Metadata