design-lead
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it is designed to ingest and process the contents of multiple external project files to formulate design strategies.
  - Ingestion points: The skill reads context from `projects/<project>/onboarding.md`, `projects/<project>/positioning.md`, and `projects/<project>/discovery.md` as specified in the 'Before Starting' and 'Context Gathering' sections of `SKILL.md`.
  - Boundary markers: Absent. There are no explicit delimiters or instructions telling the agent to ignore potentially malicious commands embedded within the project files.
  - Capability inventory: The skill has access to powerful tools including `Write` (to save direction documents), `WebSearch` (for competitive analysis), and `Read`/`Glob`/`Grep` (to access the file system).
  - Sanitization: Absent. The skill does not perform validation or filtering on the content retrieved from the project files before using it to generate output or make decisions.
Audit Metadata