design
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes untrusted data from external design websites and user-provided inspiration URLs.
- Ingestion points: WebFetch calls to Siteinspire and Mobbin, and Chrome MCP navigation to inspiration URLs.
- Boundary markers: None identified; external content is processed directly to summarize findings.
- Capability inventory: The skill can write files to the docs/ directory, execute browser actions, and perform shell commands via npx.
- Sanitization: No explicit sanitization or validation of the fetched web content is performed.
- [EXTERNAL_DOWNLOADS]: The skill uses WebFetch to retrieve content from well-known design inspiration services including Siteinspire and Mobbin to inform design decisions.
- [COMMAND_EXECUTION]: The skill includes instructions to execute the @tailwindcss/cli via npx to canonicalize Tailwind CSS classes during the UI polish phase.
- [DATA_EXFILTRATION]: The skill uses browser automation (Chrome MCP or agent-browser) to capture screenshots of local development environments for visual reconnaissance and implementation verification.
Audit Metadata