design-system-builder
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted design inputs into generated outputs.
- Ingestion points: The skill parses style descriptions, analyzes screenshots, and extracts data from Figma links to derive design system values (SKILL.md).
- Boundary markers: There are no explicit delimiters or system instructions defined to prevent the agent from obeying instructions that might be hidden within the design references.
- Capability inventory: Across all execution paths, the skill can write multiple file types to the local file system, including design-tokens.json, design-system.css, design-system.md, and design-system-preview.html (SKILL.md).
- Sanitization: No sanitization or validation of the ingested text or metadata is described, meaning instructions embedded in a design reference could be propagated to the generated documentation or preview page.
- [EXTERNAL_DOWNLOADS]: The skill and its generated outputs reference external assets from well-known technology services.
- Evidence: The skill instructions (SKILL.md) and the provided examples (examples/fintech-nexus-preview.html, examples/health-calm-preview.html, examples/sneaker-hype-preview.html) fetch font assets from Google's official font CDN (fonts.googleapis.com and fonts.gstatic.com).
Audit Metadata