skills/amit-t/skills/design-review/Gen Agent Trust Hub

design-review

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Potential for Indirect Prompt Injection. The skill is designed to ingest and process external data from design screens and briefs, which could contain malicious instructions meant to subvert agent behavior during the review or file-modification phases.
      • Ingestion points: The skill loads target screen files and design briefs from the outputs/screens/ and outputs/design-briefs/ directories as specified in the 'Context Check' section of SKILL.md.
      • Boundary markers: No explicit markers, delimiters, or instructions are provided to the agent to treat the content of these files as untrusted or to ignore any instructions embedded within them.
      • Capability inventory: The skill possesses the capability to modify existing files in the project when the user chooses to 'Apply all critical fixes' or 'Generate a revised version', as described in the 'After Review' section of SKILL.md.
      • Sanitization: No input sanitization, escaping, or validation steps are defined for the data processed from the design files.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 09:45 AM