normalize
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it requires the agent to ingest and process external data (source code and design documentation).
- Ingestion points: The agent reads project files using tools like 'grep' to find design system documentation and analyzes specific features or routes provided via the 'feature' argument.
- Boundary markers: The prompt lacks explicit instructions or delimiters to help the agent distinguish between legitimate code/data and potential instructions embedded within the files being analyzed.
- Capability inventory: The agent is empowered to perform file system searches (grep), refactor/modify existing code, and execute local development tools such as linters, type-checkers, and test runners.
- Sanitization: No sanitization, validation, or filtering is performed on the content of the files before they are processed by the agent.
Audit Metadata