design-system
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill implements a 'Reference Input' phase (Phase 0) that is vulnerable to indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context via user-provided folder paths, individual files, and external website URLs processed through the WebFetch tool as described in SKILL.md.
  - Boundary markers: The skill does not define explicit delimiters or instructions to ignore potential commands embedded in the fetched content or image metadata during its analysis protocol.
  - Capability inventory: The skill possesses file-write capabilities to both local and user-level directories (~/.claude/.context/design-systems/) and can trigger external image generation using the creator-stack:nanobanana skill.
  - Sanitization: There is no documentation of sanitization or validation of the text or visual properties extracted from external references.
- [EXTERNAL_DOWNLOADS]: The skill utilizes a WebFetch mechanism to retrieve content from arbitrary URLs provided by the user for the purpose of visual design analysis. This is a core feature but represents a point of interaction with external, untrusted infrastructure.
- [COMMAND_EXECUTION]: While the skill manages complex file system organizations and interacts with other agent skills, it does not invoke arbitrary system shell commands or execute unverified local scripts.
Audit Metadata