design2spec
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from images, URLs, and codebase files, creating a surface for indirect prompt injection.
  1. Ingestion points: Design images, screenshots, URLs, and local codebase files (SKILL.md).
  2. Boundary markers: The skill uses a structured JSONC output schema but does not define delimiters for untrusted input data.
  3. Capability inventory: The skill is restricted to emitting documentation and does not define capabilities for subprocess execution, file writing, or network communication.
  4. Sanitization: The skill does not specify sanitization or validation routines for external content.
  The potential for malicious influence is limited by the non-executable nature of the output.
- [SAFE]: The skill demonstrates a security-conscious design by enforcing a specification-first approach and explicitly prohibiting implementation code generation, which mitigates risks associated with platform-specific vulnerabilities like CSP violations in browser extensions.
Audit Metadata