brand-content-design
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches design system recognition indices and methodology from 'https://camoa.github.io/dev-guides/llms.txt'. This is a vendor-owned resource used to provide technical guidance to the agent for design token extraction.
- [COMMAND_EXECUTION]: Uses the 'find' command to search for 'brand-philosophy.md' and template files within the user's workspace to identify the project root and available design assets.
- [PROMPT_INJECTION]: The skill processes data from local project files and remote guides, which presents an indirect prompt injection surface.
  - Ingestion points: 'brand-philosophy.md' (local) and 'camoa.github.io' (remote).
  - Boundary markers: No explicit instructions to ignore embedded commands are present in the guides.
  - Capability inventory: Network fetching (WebFetch), filesystem searching (find), and file writing (presentations/carousels).
  - Sanitization: No explicit content validation or sanitization logic is provided in the instruction set.
Audit Metadata