design-audit

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a potential indirect prompt injection surface by reading and 'internalizing' the content of project files such as PRD.md, DESIGN_SYSTEM.md, and progress.txt. An attacker who can modify these files could potentially embed malicious instructions to influence the agent's behavior during the audit.
  • Ingestion points: Tier 1 and Tier 2 search protocols in SKILL.md targeting repository root and docs/ directory.
  • Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within the scanned documentation.
  • Capability inventory: The skill can perform file modifications (visual only) and take screenshots for evaluation.
  • Sanitization: No evidence of input validation or sanitization for the ingested file content.
  • Mitigation: The risk is significantly reduced by the mandatory human-in-the-loop approval gate in Step 4, which requires verification of all proposed changes before any implementation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 02:20 AM