material-3
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill includes instructions that explicitly override external design guidance (specifically typeface selection rules from other potential skills) to ensure adherence to Material Design 3 standards (SKILL.md).
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The audit command processes data from untrusted external websites and local source code files.
  - Ingestion points: External URLs visited via browser tools and local file paths provided to the audit command (SKILL.md).
  - Boundary markers: Absent. The instructions do not define delimiters or warnings to treat ingested content as data rather than instructions.
  - Capability inventory: Browser navigation, DOM reading, JavaScript execution in browser context, file reading, and shell command execution (SKILL.md).
  - Sanitization: Absent. No verification or sanitization of ingested content is specified.
- [COMMAND_EXECUTION]: The skill provides shell commands using grep for the agent to scan local project files for non-compliant design patterns during audits (SKILL.md).
- [EXTERNAL_DOWNLOADS]: The skill references and guides the installation of official Google packages (@material/web and @material/material-color-utilities) from the npm registry and utilizes official documentation from m3.material.io.
Audit Metadata