design-audit
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE [PROMPT_INJECTION] [NO_CODE]
Full Analysis
- [NO_CODE]: The skill consists entirely of markdown instructions and does not include any scripts, binaries, or configuration files that execute code.
- [PROMPT_INJECTION]: The skill has a potential surface for Indirect Prompt Injection.
  - Ingestion points: The skill processes local project files like PRD.md and APP_FLOW.md, as well as live application content.
  - Boundary markers: No delimiters are used to separate user-controlled data from instructions.
  - Capability inventory: The skill outputs precise implementation notes intended for execution by a separate build agent, which could be manipulated by malicious input in the source files or app UI.
  - Sanitization: There is no validation or filtering of ingested text.
  - Mitigation: The protocol enforces a human-in-the-loop approval step before any changes are carried out.
Audit Metadata