design-review
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted content from external web pages.
  - Ingestion points: The skill visits and inspects content from a user-provided 'Target URL' in Phase 2 and Phase 3.
  - Boundary markers: The instructions do not include specific delimiters or directions to the agent to ignore potentially malicious commands embedded in the web content.
  - Capability inventory: The agent utilizes browser automation tools (new_session, act, inspect_page) and has the ability to write files to the local directory (shiplight/ reports and tests).
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the web pages before processing.
- [COMMAND_EXECUTION]: The skill uses browser automation and dynamic script execution to perform its analysis.
  - Evidence: Phase 3 instructions direct the agent to 'Run JavaScript via act' to compute contrast ratios, check ARIA attributes, and extract heading hierarchy.
  - Context: These operations are performed within the browser context to gather design metrics and do not involve shell command execution on the host system.
Audit Metadata