design-system-enforcement
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a mandatory enforcement mechanism that requires the agent to read external files (design-system.md) and project source code to determine UI constraints. This creates a surface for indirect prompt injection where instructions embedded in project data could influence agent behavior.
  - Ingestion points: The agent reads user-generated configuration files (design-system.md) and project source files (*.tsx, *.jsx) using the Read and Grep tools.
  - Boundary markers: There are no specified delimiters or "ignore embedded instructions" warnings when the agent ingests the design system guidelines or source code.
  - Capability inventory: The skill possesses the Bash, Write, and Edit tools, allowing it to execute scripts and modify project files.
  - Sanitization: No sanitization or validation logic is present to filter out potential instructions or malicious patterns within the project files being processed.
- [COMMAND_EXECUTION]: The skill utilizes local shell scripts (setup-design-system.sh, validate-design-system.sh) to automate the creation of design guidelines and perform compliance checks on the codebase. These scripts use standard system utilities like sed, find, and grep to perform pattern matching and file manipulation within the project directory.