design
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill provides instructions for the agent to analyze external URLs and source code, creating a surface for indirect prompt injection.
  - Ingestion points: `SKILL.md` defines workflows for analyzing content from user-specified URLs and pasted code snippets.
  - Boundary markers: The suggested prompts lack delimiters or instructions to ignore commands hidden within external content.
  - Capability inventory: The agent can generate and modify the `instructions/design-system.md` configuration file.
  - Sanitization: There is no evidence of input validation or sanitization for the data retrieved from URLs or code.
- [EXTERNAL_DOWNLOADS]: The skill directs the agent to fetch and analyze data from arbitrary external domains.
  - Evidence: The 'From URL' section in `SKILL.md` explicitly instructs the agent to visit and analyze third-party websites for design extraction.
Audit Metadata