review-design
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface due to its requirement to process external, untrusted content from source code and design specifications.\n
- Ingestion points: Untrusted content is ingested into the agent context through placeholders such as
{COMPONENT_CODE}and{FIGMA_CONTEXT}inagents/design-reviewer-agent.md, and via the Jira ticket reading functionality inSKILL.md.\n - Boundary markers: There are no specific delimiters or instructions defined to isolate external content or to warn the agent against embedded instructions.\n
- Capability inventory: The skill is configured for file reading and utilizing platform-provided MCP tools for Jira and Figma access.\n
- Sanitization: The skill does not perform sanitization, escaping, or validation on the ingested external content.\n- [SAFE]: No evidence of malicious behavior was found. The skill does not implement hidden network operations, credential harvesting, or unauthorized command execution. All identified functionality aligns with its stated purpose of improving frontend implementation quality.
Audit Metadata