enhance-prompt
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to bypass safety filters or override agent behavior were detected. The instructions focus entirely on prompt enhancement logic.
- [Data Exposure & Exfiltration] (SAFE): The skill utilizes the 'Read' tool to access 'DESIGN.md' within the project context. It does not attempt to access sensitive system paths (e.g., ~/.ssh, .env) or perform network operations.
- [Remote Code Execution] (SAFE): The skill does not define external dependencies or execute remote scripts. The installation command provided in the README refers to a trusted source (google-labs-code).
- [Indirect Prompt Injection] (LOW): The skill features an ingestion surface for untrusted data from the 'DESIGN.md' file.
  - Ingestion points: SKILL.md reads 'DESIGN.md' content to extract design system blocks.
  - Boundary markers: The content is wrapped in a 'DESIGN SYSTEM (REQUIRED)' section in the output, providing some context to the downstream agent.
  - Capability inventory: The skill has 'Read' and 'Write' permissions, which are used to generate text prompts or write them to local files.
  - Sanitization: No explicit sanitization or escaping of the 'DESIGN.md' content is performed before interpolation into the prompt.
  - Note: Because this is the primary intended use-case of the skill, the severity is categorized as SAFE.