design-components

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest and process data from untrusted external sources and local project files, creating a vulnerability surface for indirect prompt injection.
  • Ingestion points: The skill reads project configuration files (e.g., globals.css, tailwind.config.ts) and processes results from the web_search tool.
  • Boundary markers: There are no explicit instructions or delimiters provided to ensure the agent ignores potentially malicious instructions embedded within the ingested CSS, JS, or web search content.
  • Capability inventory: The skill performs file system read operations on project configurations, writes new HTML and Markdown files to the docs/design/ directory, and utilizes the web_search capability.
  • Sanitization: The instructions do not define any validation, filtering, or escaping mechanisms for the data retrieved from external or project sources before it is used to generate concepts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 17, 2026, 06:36 AM