critique
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `npx` to run the `impeccable` CLI for design scanning and to manage a local live detection server.
- [EXTERNAL_DOWNLOADS]: The skill fetches the `impeccable` package from the official npm registry during execution if it is not already present.
- [REMOTE_CODE_EXECUTION]: To provide visual feedback, the skill injects a script (`detect.js`) into the browser environment from a locally-hosted server started by the agent.
- [PROMPT_INJECTION]: The skill processes untrusted content from source files and browser console logs, representing an indirect prompt injection surface.
  - Ingestion points: Reads local source code files (HTML, JSX, TSX, etc.) and monitors browser console logs via the `read_console_messages` tool.
  - Boundary markers: The skill instructs the agent to filter console output using the `[impeccable]` prefix to distinguish tool results from other logs.
  - Capability inventory: The skill possesses the ability to execute shell commands, inject browser scripts, and read local project files.
  - Sanitization: Content is passed through a synthesis step where the agent is instructed to weave the findings into a report, providing a layer of cognitive filtering before final output.
Audit Metadata