design-review
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external sources such as live URLs and source code files, which constitutes a vulnerability to indirect prompt injection where malicious instructions embedded in the artifacts could influence the agent's behavior.
- Ingestion points: The skill reads artifacts directly from live URLs (using browser tools) and local code/markup files (SKILL.md).
- Boundary markers: There are no explicit instructions or delimiters defined to isolate the artifact content or warn the agent to ignore instructions contained within the evaluated materials.
- Capability inventory: The skill has the ability to read files, access the network via browser tools for screenshots, and dispatch tasks to other agents including 'design-builder', which has write capabilities (SKILL.md).
- Sanitization: No sanitization, validation, or filtering of the ingested content is specified before the material is processed by the review agents.
Audit Metadata