design-implementation-reviewer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through the analysis of external web content.
- Ingestion points: The agent is instructed to use 'agent-browser open [url]' to load external implementations, which brings untrusted data into the context.
- Boundary markers: There are no explicit instructions or delimiters provided to ensure the agent ignores instructions found within the implementations being reviewed.
- Capability inventory: The agent has access to 'agent-browser' for screenshots/snapshots and the 'Figma MCP' for design data retrieval.
- Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the browser.
Audit Metadata