Skills
skills/phrazzld/claude-config/design-md/Gen Agent Trust Hub

design-md

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the ingestion of untrusted external data.
  • Ingestion points: The skill downloads and parses HTML source code and screen metadata from Stitch projects via the web_fetch tool.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between the design system instructions and potentially malicious instructions embedded within the target project's HTML comments or content.
  • Capability inventory: The agent possesses Write permissions to create or overwrite DESIGN.md files and web_fetch permissions to access external URLs.
  • Sanitization: There is no evidence of sanitization or filtering of the ingested HTML content before it is processed by the LLM.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to retrieve project assets.
  • Evidence: It uses web_fetch to download HTML and images from downloadUrl locations provided by the Stitch MCP tools. These resources are hosted on official Google infrastructure (stitch.withgoogle.com), which is a well-known and trusted service provider.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 02:26 PM