skills/sky-flux/skills/michelangelo/Gen Agent Trust Hub

michelangelo

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs standard development libraries and tools from well-known public registries. Instructs the agent to install the Playwright MCP server from npm for visual validation and references various icon libraries via public CDNs (unpkg.com, jsdelivr.net).
  • [COMMAND_EXECUTION]: Uses shell commands for environment discovery, package management, and project scaffolding. Executes commands like 'which', 'cat', and 'grep' to detect existing configurations and available package managers (npm, pnpm, yarn, bun).
  • [REMOTE_CODE_EXECUTION]: Installs and runs the Playwright MCP server from a trusted source. Instructs the agent to install '@playwright/mcp' via npx after obtaining explicit user authorization.
  • [PROMPT_INJECTION]: The skill processes natural language UI descriptions to generate code, which presents an indirect prompt injection surface.
      • Ingestion points: User UI requests and design specifications.
      • Boundary markers: Absent.
      • Capability inventory: Shell execution for project setup and Playwright navigation/screenshotting.
      • Sanitization: No validation or filtering logic for user input before incorporation into generated code.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 04:52 PM