build
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data by reading design prototypes in various formats (image files, PDFs) as specified in Phase 1. This represents an indirect prompt injection surface as these files could contain instructions designed to influence the agent's behavior during code generation.
  - Ingestion points: Design prototype files (PNG, JPG, WebP, PDF) read using the Read tool.
  - Boundary markers: Absent; the instructions do not include specific delimiters or directives to ignore instructions embedded within the processed visual data.
  - Capability inventory: The skill has access to shell execution (Bash) for project setup and file modification (Write/Edit) for generating source code.
  - Sanitization: No explicit sanitization or filtering of design file content is performed prior to analysis.
- [COMMAND_EXECUTION]: Employs the Bash tool to perform routine project initialization tasks, such as scaffolding new applications using official framework CLI tools (e.g., npx create-next-app, npm create vite). These operations are consistent with the skill's primary function.
- [EXTERNAL_DOWNLOADS]: Downloads project templates and UI component libraries from well-known public registries (NPM) to set up the development environment as described in Phase 3.
Audit Metadata