design-system-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it is designed to ingest and analyze untrusted data provided by users.
- Ingestion points: The /ui-audit mode (Mode 2) explicitly triggers on user-provided component code, screenshot descriptions, or content from live URLs.
- Boundary markers: There are no explicit instructions or delimiters defined to separate user-provided content from the agent's instructions, nor are there warnings to ignore embedded instructions within that content.
- Capability inventory: The skill is restricted to file system read operations (Read, Grep, Glob) and user interaction (AskUserQuestion). It does not possess capabilities for arbitrary code execution or external network communication.
- Sanitization: No sanitization or validation logic is defined for the input data before it is processed by the agent.
Audit Metadata