design
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the `gemini` CLI tool to perform research on current UI/UX libraries and uses the `open` command to launch the generated `design-catalog.html` file in the user's default browser.
- [EXTERNAL_DOWNLOADS]: The visual catalog generated by the skill incorporates external scripts and stylesheets from well-known services, specifically Tailwind CSS via `cdn.tailwindcss.com` and daisyUI via `cdn.jsdelivr.net`.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its reliance on untrusted external data and local project files.
  - Ingestion points: Live research results obtained from the `gemini` CLI or WebSearch, as well as local configuration files such as `brand.yaml`, `tailwind.config.ts`, and `DESIGN_MEMORY.md` (specifically within the file `SKILL.md`).
  - Boundary markers: No delimiters or safety instructions are provided to the agent to distinguish between its own logic and instructions potentially embedded in the ingested research data or project files.
  - Capability inventory: The skill has the ability to write files to the project root (`design-catalog.html`, component directories), execute shell commands (`gemini`, `open`), and invoke secondary tools (`/visual-qa`, `/design-tokens`).
  - Sanitization: There is no evidence of sanitization or validation performed on the research results or project file contents before they are used to generate code or HTML.
Audit Metadata