design-os
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection as it collects raw user input (e.g., product vision, feature descriptions) and embeds it into generated prompt files for implementation agents.
  - Ingestion points: Raw input is gathered via the `/product-vision` and `/shape-section` commands.
  - Boundary markers: The generated templates in `references/export.md` (e.g., `one-shot-prompt.md`) do not currently use explicit delimiters to isolate user-provided text from agent instructions.
  - Capability inventory: The skill performs file system write operations to create documentation and source code in the `product/`, `src/`, and `product-plan/` directories.
  - Sanitization: No explicit validation or sanitization of user-provided content is performed before incorporation into exported artifacts.
- [COMMAND_EXECUTION]: The skill manages project files and packages the output into a ZIP archive (`product-plan.zip`) during the export phase, which utilizes system-level file management utilities.