design
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface due to its data ingestion capabilities.\n
- Ingestion points: The skill instructions in
SKILL.mdprompt the AI to analyze live applications via user-provided URLs and process external source code snippets for design extraction.\n - Boundary markers: The skill does not define clear delimiters or include warnings to ignore instructions embedded within the analyzed external content.\n
- Capability inventory: The skill allows the AI to generate and modify files, specifically
instructions/design-system.md, which then guides further code generation across the project.\n - Sanitization: There is no documentation or implementation of input sanitization for the analyzed URLs or code.\n- [EXTERNAL_DOWNLOADS]: The skill references the installation of well-known and trusted UI libraries.\n
- Evidence:
COMPONENTS.mdandDESIGN-THINKING.mdrecommend the use of established libraries such asshadcn/ui,Radix UI,Ant Design,Material UI, andMotion(framer-motion). These are documented neutrally as standard tools for the skill's primary purpose.
Audit Metadata