live-preview

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Executes shell commands via npx playwright to generate screenshots of local routes (e.g., http://localhost:{port}/{route}). The command utilizes variable interpolation for port numbers and route paths derived from the project configuration or user input.
  • [EXTERNAL_DOWNLOADS]: Recommends installing the playwright package via standard Node.js package managers (npm) and utilizes npx for on-demand execution. These are established workflows for well-known developer tools.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from modified source files and visual screenshot content to drive the verification loop.
      • Ingestion points: Reads modified view-layer files (.tsx, .jsx, .vue, .svelte, .html, .css) and processes vision data from generated screenshots.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious content within the analyzed files or screenshots.
      • Capability inventory: Includes shell command execution (npx playwright) and the ability to modify source code files during the "fix" phase.
      • Sanitization: No specific sanitization or validation logic is defined for the route names or code fixes generated from external inputs.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 10:49 AM