Skills
skills/voidmatcha/ui-clone-skills/visual-debug/Gen Agent Trust Hub

visual-debug

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill contains a reference to a setup script (install.sh) from the author's GitHub repository that is intended to be piped to bash for environment configuration. However, the instructions explicitly state that the agent should 'halt and surface the bootstrap one-liner to the user' and 'do not auto-execute curl | bash on their behalf', which acts as a safety guardrail.
  • [EXTERNAL_DOWNLOADS]: The skill references external dependencies and setup scripts from the author's infrastructure (github.com/voidmatcha). These are identified as vendor resources and are consistent with the skill's purpose of providing visual debugging tools.
  • [COMMAND_EXECUTION]: The skill utilizes an extensive collection of bash and Python scripts to perform complex visual analysis tasks, including image comparison (AE/SSIM), DOM structure diffing, and browser automation via agent-browser and imagemagick.
  • [DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were identified. The skill's network activity is limited to navigating to the original and implementation URLs provided by the user for comparison purposes.
  • [PROMPT_INJECTION]: The skill does not contain any detected prompt injection or jailbreak attempts designed to override agent safety guidelines.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 04:51 AM
Security Audit — agent-trust-hub — visual-debug