critical-images
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to analyze external codebase assets (markup, image tags, and CDN configurations). This creates a surface for indirect prompt injection where malicious instructions could be embedded in the files being reviewed. However, the skill's capabilities are limited to providing feedback and flagging violations without the power to execute shell commands, write to the filesystem, or perform network operations, making the risk negligible.
- [REMOTE_CODE_EXECUTION]: The provided JavaScript code in the reference file uses the standard Web PerformanceObserver API to monitor 'largest-contentful-paint' events. This is a passive monitoring tool that runs within the browser context and does not involve any external downloads or execution of untrusted scripts.