heuristic-evaluation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill performs local file-write operations to a project-specific directory (
design/). It does not access sensitive system paths or hardcode secrets. - [Indirect Prompt Injection] (SAFE): The skill has a data ingestion surface for user-provided designs. 1. Ingestion points: User-provided screenshots and descriptions. 2. Boundary markers: Absent. 3. Capability inventory: Local file-writing via the
Writetool. 4. Sanitization: None required. - Risk Assessment: The lack of egress or execution capabilities makes this surface safe.
Audit Metadata