design-consistency-auditor
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection Surface detected. The skill's primary function is to process untrusted external data with high-privilege capabilities.
  - Ingestion points: Project documentation and source code files (e.g., `*.tsx`) as described in `SKILL.md` and `examples/quick-audit-checklist.md`.
  - Boundary markers: Absent; the skill does not define delimiters or provide instructions to the agent to ignore embedded commands within the files being scanned.
  - Capability inventory: Shell command execution via `grep` and the implied capability to 'maintain' (modify) files to fix design debt.
  - Sanitization: Absent; no escaping or validation of external content is mentioned before it is processed by the agent or passed to shell commands.
- [COMMAND_EXECUTION] (MEDIUM): The skill explicitly instructs the agent to run shell commands (`grep`) on the local filesystem. While the suggested commands are for pattern matching, the pattern of allowing an agent to execute shell commands based on content found in untrusted files is inherently risky and can lead to command injection if the agent is manipulated into altering the command strings.
Recommendations
- AI detected serious security threats
Audit Metadata