design-reference
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `Bash` tool to execute a local Node.js script (`assemble.js`) to combine the generated application logic with a base template. This is a standard functional requirement for the skill's build process.
- [PROMPT_INJECTION]: The skill processes user-provided HTML files (`design.html`), which creates an indirect prompt injection surface. Maliciously crafted design files could contain instructions in comments or hidden elements intended to influence the AI's behavior during the transformation process.
- Ingestion points: Reads the content of `design.html` using the `Read` tool.
- Boundary markers: Not explicitly defined in the prompt instructions for isolating the untrusted file content.
- Capability inventory: The skill has permissions for the `Read`, `Write`, `Bash`, and `AskUserQuestion` tools.
- Sanitization: The instructions direct the agent to perform literal mechanical transformations (e.g., `class` to `className`) and avoid interpretation, which serves as a procedural control to reduce the risk of following instructions embedded within the source HTML.
Audit Metadata