design-express

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill instructions do not contain any evidence of malicious intent, unauthorized command execution, or credential exfiltration. All referenced tools and skills are consistent with the vendor's internal ecosystem.
  • [PROMPT_INJECTION]: The skill possesses a standard attack surface for indirect prompt injection by design, as it must process untrusted external screenshots and URLs for critique and building.
  • Ingestion points: SKILL.md (Sections A1 and A3/B3) describe reading images and loading URLs using browser and Figma tools.
  • Boundary markers: Not explicitly present in the instructions provided to the agent for data processing.
  • Capability inventory: The skill utilizes figma-bridge and browser tooling to fetch and render content, and references other internal skills like design-review and design-discovery for handoffs.
  • Sanitization: While no technical sanitization is described, the skill instructions mandate a 'Verify, don't eyeball' policy, requiring the agent to measure data (e.g., contrast ratios) rather than trusting claims found within the design, which mitigates certain types of indirect injection attacks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 09:38 AM
Security Audit — agent-trust-hub — design-express