usability-review
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and act upon data from external sources that are not under the developer's control.
- Ingestion points: SKILL.md indicates the skill processes content from live URLs, HTML/CSS/JS code, and user-provided screenshots.
- Boundary markers: The instructions do not define specific delimiters or security constraints to distinguish between the agent's instructions and the content of the audited UI components.
- Capability inventory: The agent uses the platform's /browse tool and has the potential to write modifications to the user's UI source files when in 'Redesign Mode' (as specified in SKILL.md).
- Sanitization: There are no instructions for sanitizing or filtering the external code or website data before it is analyzed by the model.
Audit Metadata