web-design-reviewer

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection, since it ingests untrusted content from the web and uses that content to drive local file system modifications.
  • Ingestion points: The agent navigates to remote URLs and captures DOM structure/snapshots using browser_navigate and browser_snapshot tools as described in SKILL.md.
  • Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following instructions potentially hidden within the target website's HTML or metadata.
  • Capability inventory: The skill possesses significant capabilities, including File Read/Write for applying code fixes and Web Page Navigation for traversing external sites.
  • Sanitization: No sanitization or validation logic is specified for the data retrieved from external URLs before it influences the agent's code-writing actions.
  • [EXTERNAL_DOWNLOADS]: The skill's implementation guidance suggests the use of the Playwright MCP server from Microsoft.
  • It recommends executing @playwright/mcp via npx to enable browser automation capabilities like vision and DOM snapshots.
  • [COMMAND_EXECUTION]: The workflow relies on executing browser automation commands to interact with and inspect live web applications.
  • The skill utilizes tools such as browser_navigate, browser_resize, and browser_take_screenshot to perform visual and responsive design testing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 12:20 AM
Security Audit — agent-trust-hub — web-design-reviewer