sketch
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses terminal commands to create and manage local file structures for design variants.
- Evidence: Use of
mkdir -pto create subdirectories under thesketches/folder. - Evidence: Instructions to use platform-specific commands like
open,xdg-open, andstartto view the generated HTML artifacts. - [EXTERNAL_DOWNLOADS]: The skill incorporates external assets to enhance the visual fidelity of mockups.
- Evidence: References the Tailwind CSS CDN (
https://cdn.tailwindcss.com) in the generated HTML templates. - [REMOTE_CODE_EXECUTION]: The attribution and documentation sections mention external tools for advanced workflows.
- Evidence: Mentions the installation and usage of the
get-shit-done-ccpackage vianpxfrom thegsd-buildrepository. - [PROMPT_INJECTION]: The skill features an indirect prompt injection surface as it processes user input to generate executable browser content.
- Ingestion points: Captures user input for 'Feel', 'References', and 'Core action' during the intake phase.
- Boundary markers: None present; user input is directly used to shape the content and logic of the generated HTML.
- Capability inventory: Uses
write_fileto create the HTML/JS andbrowser_navigate/browser_visionto execute and inspect it. - Sanitization: No explicit sanitization or validation of the user-provided descriptions is specified before they are interpolated into the generated code.
Audit Metadata