design-engineering
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill primarily consists of Markdown documentation providing detailed design principles and implementation workflows. No malicious patterns or security risks were identified.
- [DATA_EXPOSURE]: The skill does not access sensitive credentials or environment variables. It defines a protocol for gathering design context by reading project-specific files like
.impeccable.md, which is a legitimate and standard practice for context-aware agents. - [COMMAND_EXECUTION]: The skill includes a helper script
scripts/check-updates.py. This script is intended for maintenance tasks such as verifying file integrity and checking for updates. It uses standard library modules and contains no code for unauthorized command execution or exfiltration. - [INDIRECT_PROMPT_INJECTION]: The skill instructs the agent to ingest project-specific data (READMEs, config files,
.impeccable.md). While this constitutes an attack surface for indirect prompt injection, the skill's instructions are limited to visual and interaction design tasks, and it lacks dangerous capabilities that would allow for privilege escalation or data theft. Boundary markers for this ingested data are currently absent, but the overall risk remains low.
Audit Metadata