design-library
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads
DESIGN.mdfiles from the author's GitHub repository (VoltAgent/awesome-design-md). - [PROMPT_INJECTION]: The skill is designed to process third-party design configurations, creating a potential surface for indirect prompt injection. The documentation effectively mitigates this by providing specific instructions to ignore embedded agent directives and treat the content as untrusted data.
- Ingestion points: Remote
DESIGN.mdfiles fetched from theVoltAgent/awesome-design-mdrepository viacurl. - Boundary markers: Instructions explicitly mandate treating the fetched file as untrusted data and separating prose from data.
- Capability inventory: The skill uses
curlto fetch content and writes to the local file system (saving toDESIGN.mdorDESIGN.reference.md). - Sanitization: Documentation requires the agent to ignore any prose that reads like instructions and to stop/report if injected directives are found.
Audit Metadata