design-loop
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads HTML components and screenshots from the Google Stitch SDK service using curl as part of the visual design generation process.- [COMMAND_EXECUTION]: Shell commands are used for project orchestration, including dependency management (npm), environment checks (ls), and running a local development server (npx serve) for verification.- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it reads instructions from a local state file (.design/next-prompt.md) to drive its autonomous build loop.
- Ingestion points: The .design/next-prompt.md file is the primary source of instructions for each iteration.
- Boundary markers: There are no delimiters or markers used to isolate instructions from the baton file content.
- Capability inventory: The skill can execute Bash commands, perform network downloads via curl, and write/edit local files.
- Sanitization: The skill does not implement validation or sanitization of the baton file content before it is processed by the AI models.
Audit Metadata