octocode-design

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE (finding tag: PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface. The skill ingests untrusted data from local source files and remote GitHub repositories to generate design system documentation. Ingestion points are located in SKILL.md and references/paths/existing-project.md via tools such as localGetFileContent and githubGetFileContent. The skill lacks boundary markers or explicit instructions to the agent to ignore natural language instructions found within the analyzed files. The agent possesses capabilities to write to the local filesystem, which could be manipulated by embedded instructions. No sanitization or validation of the retrieved content is documented.
  • [SAFE]: The skill uses Model Context Protocol (MCP) tools for local and remote file access. These operations are consistent with the skill's stated purpose of codebase analysis and documentation. No unauthorized data exfiltration or harvesting of sensitive credentials (e.g., SSH keys, environment variables) was detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 02:18 PM