adhd-design-expert
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
- Ingestion points: The skill uses mcp__firecrawl__firecrawl_search and WebFetch to ingest untrusted data from the web (SKILL.md, Design Workflow section).
- Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are present to isolate external content.
- Capability inventory: The skill has filesystem access (Read, Write, Edit) and UI generation capabilities (mcp__magic__21st_magic_component_builder and mcp__magic__21st_magic_component_refiner).
- Sanitization: No explicit sanitization or validation of the fetched web content is performed before processing.
Audit Metadata