design-gallery
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted external documents (PRDs) and existing codebases to derive content and design directions.
- Ingestion points: The skill reads PRD files and project source code in Step 3 to identify branding and features.
- Boundary markers: Absent. There are no instructions for the agent to ignore or delimit potentially malicious instructions embedded within the source documents.
- Capability inventory: The skill can write multiple new files (React, Vue, HTML, JSON) and modify existing router configuration files.
- Sanitization: Content is extracted from documents and interpolated into code without explicit sanitization or validation.
- [COMMAND_EXECUTION]: The skill performs filesystem discovery by checking for the existence of specific tools in the agent's internal skills directory (~/.claude/skills/) and reading project configuration files.
Audit Metadata