design-review

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external, untrusted web pages (the Target URL) and uses that data to generate remediation guidance and test files.
      • Ingestion points: External website content is ingested via inspect_page and act tool calls within a browser session.
      • Boundary markers: The instructions do not specify any delimiters or warnings to the agent to ignore potentially malicious instructions embedded in the target website's DOM or metadata.
      • Capability inventory: The skill has the ability to interact with the browser (act), extract DOM content, and write files to the local file system (saving reports to shiplight/reports/ and tests to shiplight/tests/).
      • Sanitization: There is no mention of sanitizing or escaping the content retrieved from the target URL before it is used to generate findings or code-based remediation guidance.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 06:04 PM