web-design-guidelines-review
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary function is to process and audit untrusted data, specifically frontend UI code and diffs.
- Ingestion points: UI code, design files, and git diffs provided by the user for review in
SKILL.md. - Boundary markers: Absent. The instructions do not specify delimiters or tell the agent to ignore instructions that might be embedded as comments within the code under review.
- Capability inventory: The skill is intended for use in environments where the agent has file-reading capabilities. If an injection within the user code is successful, it could influence the agent's behavior or findings.
- Sanitization: None. The skill does not implement validation or sanitization of the input source code.
- [COMMAND_EXECUTION]: The skill references guidelines via a path traversal pattern (
../../references). While commonly used in monorepos to share assets across skills, relative path resolution can be a risk factor if the execution environment does not properly sandbox file access to the skill's root directory.
Audit Metadata