design-an-interface

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by interpolating untrusted user data into prompts for sub-agents.
  • Ingestion points: User-provided module descriptions and gathered requirements are directly inserted into sub-agent prompt templates in SKILL.md.
  • Boundary markers: The prompt templates do not utilize clear delimiters or instructions for sub-agents to ignore potentially malicious content within the user-provided module description.
  • Capability inventory: The skill utilizes the Task tool to spawn sub-agents. Based on the provided code, these sub-agents are restricted to generating interface designs and trade-offs rather than executing system-level commands.
  • Sanitization: There is no evidence of input validation or sanitization to prevent an attacker from including instructions in the module description that could influence the sub-agents' behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 10:47 AM
Security Audit — agent-trust-hub — design-an-interface