design-system-creator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection through web search integration.
  - Ingestion points: Untrusted data enters the agent context via 'mcp__firecrawl__firecrawl_search' as defined in SKILL.md.
  - Boundary markers: Absent. The skill does not include instructions to treat search results as untrusted or provide delimiters to isolate external content from system prompts.
  - Capability inventory: The skill specifies 'Write' and 'Edit' permissions on the file system and access to 'mcp__magic__21st_magic_component_builder' (SKILL.md), which could allow poisoned web content to influence local file modifications.
  - Sanitization: Absent. There is no validation or filtering specified for content retrieved from external URLs before it is processed.
Audit Metadata