design-md
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it retrieves and analyzes untrusted external data.
  - Ingestion points: HTML source code and design metadata are fetched from dynamic URLs (`htmlCode.downloadUrl`) using the `web_fetch` tool in `SKILL.md`.
  - Boundary markers: The instructions do not define delimiters or provide warnings to the agent to ignore instructions embedded within the fetched HTML.
  - Capability inventory: The skill is granted `Write` permissions and `web_fetch` capabilities, which could be leveraged if the agent inadvertently follows instructions found in the analyzed assets.
  - Sanitization: No pre-processing or sanitization steps are defined for the external HTML content before the agent performs its analysis.
- [EXTERNAL_DOWNLOADS]: The skill uses the `web_fetch` tool to download assets such as HTML code and screenshots from remote URLs provided by the Stitch MCP server. This is a legitimate part of the skill's primary function to document design systems.
Audit Metadata