design-express
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions do not contain any evidence of malicious intent, unauthorized command execution, or credential exfiltration. All referenced tools and skills are consistent with the vendor's internal ecosystem.
- [PROMPT_INJECTION]: The skill possesses a standard attack surface for indirect prompt injection by design, as it must process untrusted external screenshots and URLs for critique and building.
- Ingestion points:
SKILL.md(Sections A1 and A3/B3) describe reading images and loading URLs using browser and Figma tools. - Boundary markers: Not explicitly present in the instructions provided to the agent for data processing.
- Capability inventory: The skill utilizes
figma-bridgeand browser tooling to fetch and render content, and references other internal skills likedesign-reviewanddesign-discoveryfor handoffs. - Sanitization: While no technical sanitization is described, the skill instructions mandate a 'Verify, don't eyeball' policy, requiring the agent to measure data (e.g., contrast ratios) rather than trusting claims found within the design, which mitigates certain types of indirect injection attacks.
Audit Metadata