design-md
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npxto fetch and execute the@google/design.mdpackage from the npm registry. This is an official tool provided by a trusted organization (Google) for managing design specifications. - [COMMAND_EXECUTION]: The instructions direct the agent to execute shell commands (e.g.,
npx -y @google/design.md lint DESIGN.md) to validate and export design tokens. These operations are limited to project-local design files. - [PROMPT_INJECTION]: The skill processes
DESIGN.mdfiles which may be provided by untrusted sources. This creates an attack surface for indirect prompt injection if the file contains malicious instructions intended to manipulate the agent during the linting or export workflow. - Ingestion points:
DESIGN.mdcontent read from the project root viaread_fileor user input. - Boundary markers: No specific delimiters or "ignore previous instructions" warnings are configured for the data ingestion.
- Capability inventory: The agent can write files (
write_file) and execute CLI tools (npx). - Sanitization: The skill relies on the structure-based parsing of the
@google/design.mdCLI tool to interpret the file content.
Audit Metadata