designsetup

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Flags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a workflow that processes untrusted data from external sources, creating an indirect prompt injection surface.
  • Ingestion points: The skill reads user-provided context files (referenced via @) and YAML data from previously extracted sites located in the design-system/extracted/ directory.
  • Boundary markers: There is no evidence of delimiters or instructions to treat ingested content as data rather than potential instructions during the analysis phase.
  • Capability inventory: The agent utilizes Read, Write, and Glob tools, which could be leveraged if a malicious input successfully influences the agent's logic to perform unauthorized file operations.
  • Sanitization: No input validation or content filtering is described for the processed documents.
  • [COMMAND_EXECUTION]: The skill suggests or utilizes command-line operations for file management and workflow integration.
  • Evidence: The references/error-handling.md file provides recovery steps that include running destructive commands like rm -rf on the design-system/extracted/ directory.
  • Evidence: The workflow explicitly integrates with other agent commands such as /extract, /pageplan, and /csetup.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 04:58 AM