claude-design
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from a local repository (such as theme files, source code, and documentation) to inform design decisions. This creates a surface for indirect prompt injection where malicious instructions embedded in those files could influence the agent's output.
- Ingestion points: Local repository files (Markdown, HTML, CSS, JS, TS, JSON, and SVG).
- Boundary markers: Absent. The instructions do not define specific delimiters or instructions to ignore embedded commands within the ingested content.
- Capability inventory: File system write access (creating and versioning HTML/CSS artifacts).
- Sanitization: Absent. The skill focuses on design logic and does not include explicit validation or sanitization of content read from files.
- [SAFE]: The skill includes strong recommendations for security and stability, such as pinning versions for external CDN-hosted scripts and avoiding unpinned dependencies.
- [SAFE]: Instructions regarding ignoring hosted-only Claude Design tools are functional requirements for runtime compatibility and do not constitute a bypass of agent safety guidelines.
Audit Metadata