design-md-format
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the @google/design.md package from the official NPM registry. This package originates from a trusted organization scope.\n- [COMMAND_EXECUTION]: Provides standard CLI commands for validation, comparison, and format conversion of design specification files using npx.\n- [PROMPT_INJECTION]: The skill facilitates the ingestion of user-controlled DESIGN.md files, creating an indirect prompt injection surface where instructions could be embedded in design rationale.\n
- Ingestion points: Content from DESIGN.md files (YAML tokens and Markdown prose) is read and interpreted by the agent to understand design systems.\n
- Boundary markers: The instructions do not define specific markers or delimiters to ignore embedded instructions within the ingested file content.\n
- Capability inventory: The skill utilizes CLI tools that perform file system reads and can output to files via standard shell redirection.\n
- Sanitization: No sanitization or validation of the human-readable Markdown rationale is specified before processing.
Audit Metadata