define-design-guidelines

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the consumption of external data files.
  • Ingestion points: The skill reads CUSTOMER.md in Phase 0 and Phase 1, and potentially BRAND_GUIDELINES.md in Phase 1 and Phase 4. The content of these files is used to pre-fill recommendations and guide the behavior of subagents.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent or subagents to ignore potential malicious instructions embedded within the CUSTOMER.md or BRAND_GUIDELINES.md files.
  • Capability inventory: The skill possesses the ability to perform glob file searches, read local files, write to the filesystem (DESIGN_GUIDELINES.md), and spawn subagents (design-research and design-quality-auditor).
  • Sanitization: No sanitization, escaping, or validation logic is defined for the content extracted from the external files before it is interpolated into prompts for the subagents or used to generate the final design document.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 01:33 AM