Agent Design
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
NO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill defines agent profiles that include high-privilege tools such as Bash for shell command execution and custom startCommand and installCommand strings for MCP servers in SKILL.md and references/types.md.
- [EXTERNAL_DOWNLOADS]: The agent design framework supports the declaration of external dependencies via npmDependencies and pipDependencies fields and provides examples of using npx to fetch and run remote MCP servers from well-known sources like @anthropic-ai.
- [PROMPT_INJECTION]: The skill manages the configuration of agent instructions, which creates a surface for indirect prompt injection where user-provided data influences agent behavior.
  - Ingestion points: User requests to define agent capabilities or workflows are processed via the instructions in SKILL.md.
  - Boundary markers: Absent; the documentation does not specify the use of delimiters or instructions to ignore embedded content in user-provided data.
  - Capability inventory: Configured agents are designed to utilize Bash, Write, Edit, and package managers as described in the AgentProfile structure.
  - Sanitization: Absent; no input validation or escaping mechanisms are described for user-provided instructions.
Audit Metadata