design-language

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from external sources and local files.
  • Ingestion points: Reads content from external Figma URLs, live website URLs, and local component files (SKILL.md Mode 1 and Mode 2).
  • Boundary markers: The instructions do not define explicit delimiters or 'ignore embedded instructions' warnings when passing extracted data to sub-agents for observation distillation.
  • Capability inventory: The skill has access to browser-side script execution (evaluate_script), Figma metadata extraction, and local file reading/diffing capabilities.
  • Sanitization: No validation or sanitization of the content retrieved from URLs or Figma nodes is performed before it is analyzed by the agent or sub-agents.
  • [REMOTE_CODE_EXECUTION]: The skill uses the mcp__plugin_chrome-devtools-mcp_chrome-devtools__evaluate_script tool to execute JavaScript within the context of external URLs provided by the user. While the intended use is to extract computed styles, this represents a code execution capability on remote targets.
  • [COMMAND_EXECUTION]: The skill executes git log commands to check the last-modified timestamp of docs/design.md for its 'Staleness guard' feature.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 24, 2026, 10:34 AM
Security Audit — agent-trust-hub — design-language