design-state
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill manages a shared state file (design-state.md) that serves as the 'single source of truth' for all agents, creating an indirect prompt injection surface.
  1. Ingestion points: The file 'design-state.md' is read by every Designpowers agent before beginning work.
  2. Boundary markers: The document structure uses Markdown headers and tables, but lacks explicit delimiters or instructions for the agent to ignore potentially malicious commands embedded in fields like the 'handoff chain' or 'Rationale'.
  3. Capability inventory: The skill directs agents to perform read and append operations on the local filesystem.
  4. Sanitization: The skill does not define any process for validating or sanitizing the content of the state file, allowing arbitrary strings to be interpreted as valid design decisions or instructions.
Audit Metadata