extract-saas-design
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of ingesting and analyzing untrusted codebase content.
  - Ingestion points: The agent reads project files including .tsx, .jsx, .css, and configuration files from the local workspace to identify styling patterns and tokens.
  - Boundary markers: The skill instructions lack specific requirements for using delimiters or defensive prompts to isolate and ignore potentially malicious instructions embedded in code comments or data within the analyzed files.
  - Capability inventory: The skill uses system commands like grep and find to access file contents and produces multiple output markdown files in the .design-soul/ directory.
  - Sanitization: There is no defined process for sanitizing or validating the extracted content before it is interpolated into the design documentation templates.
Audit Metadata