design-brief
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it fetches external URLs and reads codebase files to extract design tokens. However, the instructions in
instructions/design.mdandinstructions/reconcile.mdexplicitly direct the agent to ignore any text or metadata that attempts to influence behavior beyond design analysis. Given the presence of these guardrails and the standard nature of the ingestion, the risk is assessed as low. - Ingestion points:
instructions/design.md(External URLs via WebFetch, local codebase files). - Boundary markers: The skill relies on instructions to ignore embedded directives rather than specific text delimiters for external data.
- Capability inventory: Write to local filesystem (
docs/design/), execute local scripts (check-contrast.py,preview-server.ts), and fetch external URLs. - Sanitization: The agent is instructed to perform semantic extraction while disregarding non-design directives.
Audit Metadata