design-memory
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface by extracting design preferences from untrusted sources like design-state.md and handoff chains to update a persistent taste profile. This profile then informs constraints for other agents in the ecosystem.
  * Ingestion points: Data from design-state.md, handoff documentation, and user overrides.
  * Boundary markers: Absent; there is no validation mechanism to distinguish legitimate preferences from adversarial instructions embedded in project history.
  * Capability inventory: Accesses the user's home directory and controls the constraints of multiple agents (e.g., design-lead, content-writer).
  * Sanitization: Absent.
- [COMMAND_EXECUTION]: The skill performs file system read and write operations at ~/.designpowers/taste-profile.md. While this persistence of user settings is its primary purpose, the use of the home directory for configuration storage is a sensitive capability.
Audit Metadata