design-soul-saas
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because its primary function is to ingest and interpret data from external codebases. An adversary could include malicious instructions in code comments or strings within the target codebase to manipulate the agent's behavior during documentation generation.
  - Ingestion points: The skill reads multiple files from the target workspace, including globals.css and component source files (e.g., in src/components/ui/).
  - Boundary markers: The instructions lack explicit directives for the agent to distinguish between its own system prompts and the content of the analyzed files, such as using specific delimiters or 'ignore' warnings for embedded instructions.
  - Capability inventory: The skill leverages the Write tool to create a complex directory structure and numerous specification files in the .design-soul/ directory.
  - Sanitization: There is no mention of sanitization or validation of the ingested source code before it is processed by the agent.
- [NO_CODE]: The skill consists entirely of markdown instructions and configuration templates. It does not contain any executable scripts (e.g., Python or JavaScript) or binaries, which reduces the risk of direct malicious code execution within the agent environment.
Audit Metadata