design-explore
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses roleplay instructions and personality prompts to define agent behavior (e.g., 'You are a world-class designer').
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via multiple vectors.
  1. Ingestion points: User-provided feature descriptions, product context, and external web content retrieved during company research.
  2. Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are used when interpolating untrusted data into sub-agent prompts.
  3. Capability inventory: Agents can read project files and write to the local filesystem, including modifying primary source code (JS, CSS) during the adaptation phase.
  4. Sanitization: No validation or sanitization of external input or research data is performed.
- [COMMAND_EXECUTION]: The skill performs automated modifications to project source files based on AI-generated content, creating a path for potentially compromised code to persist in the codebase.
Audit Metadata