design-system-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill's 'Audit Mode' processes user-provided UI descriptions, component code, or external data, which introduces a surface for indirect prompt injection. A malicious user could embed instructions within the code or UI description to manipulate the agent's behavior.
  - Ingestion points: User-supplied UI descriptions, component code, and Figma/URL content descriptions identified in 'Mode 2' (SKILL.md).
  - Boundary markers: The prompt lacks explicit delimiters or specific 'ignore embedded instructions' warnings for external content.
  - Capability inventory: The agent utilizes 'Read', 'Grep', and 'Glob' tools (SKILL.md) which allow interaction with the local file system.
  - Sanitization: No input validation or filtering of user-provided content is defined in the skill logic.
Audit Metadata