accelint-persona-review
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches design data from Figma and operator documentation from Outline. These are well-known services used appropriately for the skill's primary design review function.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from external sources.
  - Ingestion points: Untrusted data enters the context via the Figma desktop context retrieval tool and Outline workspace search results as described in SKILL.md.
  - Boundary markers: The agent is provided with an evaluation framework and structured output format, but the skill lacks hardened delimiters or specific instructions to ignore embedded prompts in retrieved data.
  - Capability inventory: The skill's capabilities are limited to information retrieval and local persona file reading; no dangerous tools for file writing, code execution, or unauthorized network communication are available.
  - Sanitization: There is no explicit content sanitization or instruction filtering applied to the data retrieved from external design and document sources.