design-review

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from external sources such as live URLs and source code files, which constitutes a vulnerability to indirect prompt injection where malicious instructions embedded in the artifacts could influence the agent's behavior.
  • Ingestion points: The skill reads artifacts directly from live URLs (using browser tools) and local code/markup files (SKILL.md).
  • Boundary markers: There are no explicit instructions or delimiters defined to isolate the artifact content or warn the agent to ignore instructions contained within the evaluated materials.
  • Capability inventory: The skill has the ability to read files, access the network via browser tools for screenshots, and dispatch tasks to other agents including 'design-builder', which has write capabilities (SKILL.md).
  • Sanitization: No sanitization, validation, or filtering of the ingested content is specified before the material is processed by the review agents.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 09:38 AM
Security Audit — agent-trust-hub — design-review