design-deck
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted input from codebase files and project plans, creating an indirect prompt injection surface.
- Ingestion points: Plan and PRD files, local codebase files, and external web content from component.gallery (SKILL.md).
- Boundary markers: Absent; instructions do not require delimiters for external content.
- Capability inventory: Invocation of design_deck, shell execution via surf CLI, and deck_generate tool usage (SKILL.md).
- Sanitization: Absent; the skill explicitly directs the agent to inject generated HTML content directly into the DOM using innerHTML, which could facilitate Cross-Site Scripting (XSS) if malicious instructions are followed (SKILL.md).
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the surf CLI command to generate image assets for architecture diagrams (SKILL.md).
- [EXTERNAL_DOWNLOADS]: Fetches design patterns, component best practices, and implementation examples from the component.gallery website (SKILL.md).
Audit Metadata