design-brief

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection because it ingests several files that could be influenced by external actors.
  • Ingestion points: Reads project-specific data from brand/BRAND.md, brand/DESIGN.md, brand/ASSETS.md, and artifacts generated by other skills in skill-artifacts/mkt/.
  • Boundary markers: Absent; inputs are interpolated into sub-agent instructions without delimiters or clear instructions to ignore embedded commands.
  • Capability inventory: The orchestrator is configured with Bash, Edit, WebSearch, and WebFetch tools.
  • Sanitization: No validation or sanitization of the content read from files is performed before it is passed to the sub-agents.
  • [COMMAND_EXECUTION]: The skill's configuration allows the use of the Bash tool. While no malicious or arbitrary shell commands are present in the provided instructions, the presence of this tool alongside the processing of untrusted artifacts increases the potential impact of an injection attack.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 04:04 PM
Security Audit — agent-trust-hub — design-brief