design-brief

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION] (MEDIUM): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core workflow of processing external data and writing to files.
      • Ingestion points: User-provided descriptions of features/products and content retrieved from Figma links via the Figma MCP referenced in Step 1.
      • Boundary markers: Absent. The instructions do not define delimiters for user-provided content or include warnings to the agent to ignore instructions embedded within that data.
      • Capability inventory: The skill has the capability to create directories and write files to the local filesystem (briefs/[name]-brief.md).
      • Sanitization: No sanitization is performed on the [name] variable used in the filename, which could potentially be exploited for path traversal if the agent is not sufficiently constrained by its underlying environment.
  • [DATA_EXPOSURE] (LOW): While the skill primarily writes files, the instruction to 'Consider all relevant details about the product or project you have access to' encourages the agent to pull data from the current context into the brief, which could lead to accidental exposure of sensitive project details if the generated brief is shared externally.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 06:51 AM