design-md
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The README.md file suggests installation via 'npx' from the 'google-labs-code' organization. This organization is not included in the list of verified trusted entities (such as 'google' or 'google-gemini'), and while likely legitimate in context, it remains unverified.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it ingests and analyzes HTML code from external URLs ('htmlCode.downloadUrl'). Evidence:
  1. Ingestion points: The skill uses 'web_fetch' in SKILL.md to retrieve external HTML content.
  2. Boundary markers: No delimiters or instructions to ignore embedded commands are present.
  3. Capability inventory: The agent has 'Write' access to the filesystem and 'web_fetch' network access.
  4. Sanitization: No sanitization or validation of the fetched HTML content is performed prior to analysis.