arn-spark-visual-sketch
This skill should be used when the user says "visual sketch", "arn visual sketch", "sketch directions", "explore visuals", "visual proposals", "try different looks", "design directions", "sketch the UI", "visual exploration", "compare styles", "show me options", "what could this look like", or wants to generate multiple visual direction proposals as real HTML/CSS running on the scaffolded project's dev server, iteratively selecting and refining until a final visual direction is chosen.
71
64%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./plugins/arn-spark/skills/arn-spark-visual-sketch/SKILL.mdSecurity
1 medium severity finding. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.70). The skill's Agent Invocation Guide explicitly permits invoking arn-spark-style-capture with an external URL ("User wants to compare with an external reference — Invoke arn-spark-style-capture with the external URL..."), which means the agent can fetch and ingest arbitrary public web pages provided by users and present/compare them alongside proposals, allowing untrusted third-party content to materially influence decisions.
- Repository
- AppsVortex/arness
- Commit
1fe948f
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.