interface-design

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Prompt Injection] (MEDIUM): The skill creates an Indirect Prompt Injection surface (Category 8) by processing untrusted project files.
    1. Ingestion points: commands/audit.md and commands/extract.md instruct the agent to read and scan project source files (.tsx, .jsx, etc.).
    2. Boundary markers: No delimiters or instructions are provided to distinguish data from instructions within those files.
    3. Capability inventory: The agent has the ability to read arbitrary UI files and to write or update the .interface-design/system.md file.
    4. Sanitization: There are no instructions for sanitizing or validating extracted code patterns before processing.
  • [Command Execution] (LOW): The skill requires the agent to perform broad file system operations, including globbing and recursive reading of project directories. While necessary for the skill's purpose, this capability could be exploited if the agent is manipulated by injected instructions in the parsed files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 08:53 AM