design2spec
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data (images, mockups, and URLs), creating a surface for indirect prompt injection where malicious design materials could influence the generated technical specifications or subsequent coding tasks.\n
- Ingestion points: Step 1 in
SKILL.mdindicates the skill accepts images, screenshots, URLs, mockups, and natural-language descriptions as input.\n - Boundary markers: The instructions do not define the use of delimiters or specific safety instructions to ignore commands embedded within the design materials.\n
- Capability inventory: The skill produces structured JSONC specifications used to guide downstream coding agents and directs the agent to 'inspect project context' (file system access). A malicious payload could attempt to bias the architecture or implementation details specified in the output.\n
- Sanitization: No input validation or sanitization routines are specified for the provided design inputs.
Audit Metadata