visualstorming
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines an attack surface for indirect prompt injection by processing data from an external visual reference server.
  - Ingestion points: Interaction events and session data are read from the 'event log' of the local reference server into the agent's context (SKILL.md).
  - Boundary markers: The instructions do not specify delimiters or warnings to ignore potentially malicious instructions embedded within the browser events.
  - Capability inventory: The agent has the capability to write files to the project directory and open them in a browser, creating a feedback loop where interaction data could influence further file generation (SKILL.md).
  - Sanitization: No sanitization, validation, or escaping of the incoming browser event data is mentioned.
- [COMMAND_EXECUTION]: The skill utilizes dynamic execution patterns by generating and automatically opening HTML files based on session state.
  - Evidence: The agent is instructed to 'Create a local visual artifact' and 'Open it in a local browser' using environment-specific tools (SKILL.md).