design-md

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and execute the @google/design.md package from the npm registry. This is an official tool provided by a trusted organization (Google) for managing design specifications.
  • [COMMAND_EXECUTION]: The instructions direct the agent to execute shell commands (e.g., npx -y @google/design.md lint DESIGN.md) to validate and export design tokens. These operations are limited to project-local design files.
  • [PROMPT_INJECTION]: The skill processes DESIGN.md files which may be provided by untrusted sources. This creates an attack surface for indirect prompt injection if the file contains malicious instructions intended to manipulate the agent during the linting or export workflow.
  • Ingestion points: DESIGN.md content read from the project root via read_file or user input.
  • Boundary markers: No specific delimiters or "ignore previous instructions" warnings are configured for the data ingestion.
  • Capability inventory: The agent can write files (write_file) and execute CLI tools (npx).
  • Sanitization: The skill relies on the structure-based parsing of the @google/design.md CLI tool to interpret the file content.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 02:25 PM
Security Audit — agent-trust-hub — design-md