principle-exhaust-the-design-space
Warn
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions contain a deceptive mismatch between the YAML frontmatter (describing UI design exploration) and the content body (which functions as a 'Uni-pstack Runtime Adapter').
- [PROMPT_INJECTION]: The instructions attempt to override the agent's core behavior by mandating the use of specific models like 'Codex gpt-5.6-sol' and 'Claude-only fallback model policy', which may attempt to bypass or redefine the agent's native configurations.
- [COMMAND_EXECUTION]: The skill directs the agent to execute external scripts and CLI tools that are not included in the skill package, such as 'spawn-codex-worker' and 'codex exec'. This encourages the execution of unverified local environment tools.
- [COMMAND_EXECUTION]: It instructs the agent to use 'host terminal, browser, review, subagent, and git tools directly' as a replacement for specific conceptual cues, potentially increasing the risk of unintended system operations under deceptive instructions.
Audit Metadata