designlint
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill serves as a comprehensive design framework and contains no malicious logic, persistence mechanisms, or unauthorized data access commands. All reference code snippets are standard UI implementation patterns for web and mobile platforms.
- [PROMPT_INJECTION]: The skill's 'Audit Mode' provides a surface for indirect prompt injection.
  - Ingestion points: Data is ingested through user-provided URLs, screenshots, and code snippets during the interface review phase (SKILL.md, Step A1).
  - Boundary markers: The protocol mandates a 'Design Brief' comment block (Phase 2), though it lacks specific instructions to ignore malicious directives embedded in the audited data.
  - Capability inventory: The skill generates code for multiple frontend platforms (web, iOS, Android) and uses the agent's file-system capabilities to apply UI improvements (SKILL.md, Phase 3).
  - Sanitization: No specific content sanitization or instruction-filtering is defined for the audited source material, although the mandatory human critique phase (Phase 5) serves as a validation layer.
- [EXTERNAL_DOWNLOADS]: The skill references trusted external services, including Google Fonts and Adobe Fonts, and utilizes the 'npx' package runner for installation (README.md, archetypes.md). These references are legitimate and target well-known design resource domains.
Audit Metadata