using-designpowers
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses extremely assertive and mandatory language to override default agent behavior and hijack the response loop.
- Evidence in SKILL.md: "Use when starting any conversation — establishes how to find and use design skills, requiring Skill tool invocation before ANY response including clarifying questions"
- Evidence in SKILL.md: "IF A SKILL APPLIES TO YOUR TASK, YOU DO NOT HAVE A CHOICE. YOU MUST USE IT."
- Evidence in SKILL.md: "Before responding to ANY message — including clarifying questions — check whether a Designpowers skill applies."
- [PROMPT_INJECTION]: It mandates a multi-step "Welcome Sequence" that must be executed "before doing anything else" in a session, regardless of the initial user prompt.
- [PROMPT_INJECTION]: Indirect prompt injection surface via untrusted data ingestion.
- Ingestion points: User response to AskUserQuestion("What are we designing?") and agent-generated "handoff babble".
- Boundary markers: Absent for user input.
- Capability inventory: Invocation of numerous other tools and skills (e.g., design-discovery, ui-composition), and writing to a shared state file (design-state.md).
- Sanitization: Absent; the skill does not specify any validation or filtering of user-provided project descriptions before they are passed to subsequent agents.
Audit Metadata