audit-design-system
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and follow rules from external documentation files. * Ingestion points: Reads project-specific constraints from docs/knowledge-base/ (e.g., SPEC-CSS.md, SPEC-SPACING.md, RULES-UI.md). * Boundary markers: Absent. The agent is instructed to treat these files as mandates without explicit delimiters or instructions to ignore embedded commands. * Capability inventory: Reading local files and outputting text reports. No high-risk capabilities like network access or command execution were found. * Sanitization: Absent. The skill does not describe any validation or filtering of the content within the documentation files.
- [NO_CODE]: The skill consists entirely of markdown instructions and does not include any executable scripts or binary files.
Audit Metadata