design-review
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest and process external, untrusted content from live UIs and frontend codebases.
- [PROMPT_INJECTION]: Evidence Chain:
  - Ingestion points: Deployed user interfaces and frontend source code mentioned in the review methodology (SKILL.md).
  - Boundary markers: Absent; the instructions specify no delimiters and no warning to ignore instructions found within the reviewed UI content.
  - Capability inventory: The skill utilizes the Playwright MCP for live browser testing and code health assessments (SKILL.md).
  - Sanitization: Absent; there are no defined mechanisms for sanitizing or validating the data retrieved from external viewports before it is processed by the agent.