design-to-code
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Retrieves design context and HTML structure from arbitrary user-provided URLs using the WebFetch tool and interacts with the 21st.dev registry to source component patterns.
- [COMMAND_EXECUTION]: Uses the Bash tool to perform project filesystem operations and execute Storybook test suites (run-story-tests) to verify and self-heal generated React components.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted content from external URLs and visual designs to drive its code generation logic.
  - Ingestion points: Content is retrieved via WebFetch and through multimodal analysis of user-provided screenshots.
  - Boundary markers: The instructions lack specific delimiters or guidance to ignore instructions embedded within the processed designs or fetched HTML.
  - Capability inventory: The agent has access to powerful tools including Bash for shell execution, Write/Edit for modifying project files, and the Agent tool for task delegation.
  - Sanitization: There is no explicit sanitization or validation of the content retrieved from external sources before it is processed by the model to generate components.
Audit Metadata