brand-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a workflow that ingests untrusted project-specific data which is then processed by sub-agents to generate code and documentation. \n
- Ingestion points: Untrusted data is loaded from the project directory, specifically from
{BRAND_PATH}/BRIEF.md,{BRAND_PATH}/identity/INDEX.md, and{BRAND_PATH}/strategy/INDEX.md. \n - Boundary markers: The process lacks specific boundary markers or 'ignore' instructions when interpolating this untrusted data into the prompt context for the
gsp-system-architectagent. \n - Capability inventory: The skill and the spawned architect agent have access to powerful tools including
Write,Bash, andAgent, creating a significant capability tier that could be targeted by instructions hidden in the brand brief. \n - Sanitization: No sanitization, validation, or structural escaping is applied to the markdown and JSON content loaded from the branding files before it is used to influence the generation of the design system components and principles.
Audit Metadata