design
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation instructs the agent to execute a local Python utility (`tools/uiux-corpus/scripts/search.py`) to look up UI components and architectural guidance. This execution is limited to the skill's own internal logic.
- [PROMPT_INJECTION]: Potential indirect prompt injection surface:
  - Ingestion points: user-provided search queries processed via `search.py` and `design_system.py`.
  - Boundary markers: absent in the generated project documentation files (`MASTER.md`).
  - Capability inventory: the skill can create and write files to the local `design-system/` directory using the `persist_design_system` function in `design_system.py`.
  - Sanitization: minimal sanitization is performed on user-provided strings before they are interpolated into the generated Markdown files. However, the impact is limited to the content of the generated documentation.
- [SAFE]: No hardcoded credentials or unauthorized data exfiltration patterns were detected in the analyzed scripts or documentation. The code uses standard Python libraries and does not perform network operations.
- [SAFE]: Analysis of the 39 files confirms that the skill behaves as a design automation tool. No obfuscation, persistence mechanisms, or privilege escalation techniques were identified.
Audit Metadata