identity-system
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE [PROMPT_INJECTION] [EXTERNAL_DOWNLOADS]
Full Analysis
- [PROMPT_INJECTION]: The instructions contain specific constraints for brand identity, such as avoiding certain fonts. While these use authoritative language, they are functional design rules rather than attempts to subvert agent safety.
- [EXTERNAL_DOWNLOADS]: The skill templates reference Google Fonts (fonts.googleapis.com) for typography. These are well-known, trusted resources for web assets and do not present a security risk.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of user-supplied brand briefs.
  1. Ingestion points: User input for sector, personality, and audience captured during the Phase 0 brief in SKILL.md.
  2. Boundary markers: Absent; the templates in references/templates/design-system-template.md use simple bracketed placeholders without delimiters or instructions to ignore embedded commands.
  3. Capability inventory: The agent writes a design-system.md file to the project root based on this input.
  4. Sanitization: No validation or sanitization is performed on user strings before they are written to the file system.
Audit Metadata