skills/shipshitdev/library/critique/Gen Agent Trust Hub

critique

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes npx impeccable shell commands to perform deterministic design scans on local source code and to manage a live visualization server (npx impeccable live).
  • [EXTERNAL_DOWNLOADS]: The use of npx facilitates the download and execution of the impeccable package from the npm registry.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from source files and live web pages.
      • Ingestion points: The skill reads HTML, CSS, and JS/TS source files and live web pages during the design review process (SKILL.md).
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the instructions for processing these files.
      • Capability inventory: The agent has the capability to execute shell commands via npx and perform browser script injection (SKILL.md).
      • Sanitization: No sanitization or validation of the external file content or page source is performed before the LLM analyzes the data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 07:31 AM