design-describe
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection by processing external user input to drive file generation.
- Ingestion points: External data is ingested through the
$ARGUMENTSparameter within<screenshot>tags inSKILL.md. - Boundary markers: The skill uses XML-style
<screenshot>tags to demarcate untrusted input. - Capability inventory: The skill utilizes file system capabilities to create directories and write multiple documentation files (
plan.md,phase-XX-phase-name.md). - Sanitization: There are no explicit instructions for sanitizing or escaping the content of the user arguments before they are interpreted by the multimodal AI or subagents.
Audit Metadata