designing-layouts
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): No prompt injection or behavior override patterns detected in SKILL.md or reference files.
- Data Exposure & Exfiltration (SAFE): No hardcoded secrets, credentials, or sensitive file paths were found. The skill does not perform any network operations.
- Obfuscation (SAFE): All provided files contain clear-text, well-structured code and documentation with no signs of encoding or hidden characters.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The utility scripts rely exclusively on Node.js built-in modules ('fs', 'path'). No external package dependencies or remote code downloads were found.
- Indirect Prompt Injection (SAFE): While 'scripts/generate_breakpoints.js' accepts external input via CLI arguments, the script's capabilities are restricted to generating CSS/JS content from hardcoded templates. No exploitable vulnerabilities were identified.
  - Ingestion points: '--output' CLI argument in 'scripts/generate_breakpoints.js'.
  - Boundary markers: Absent.
  - Capability inventory: Local file write via 'fs.writeFileSync'.
  - Sanitization: Path sanitization is absent, but output content is limited to safe templates.
- Metadata Poisoning (SAFE): Metadata fields are descriptive and contain no executable or malicious content.
- Dynamic Execution (SAFE): No use of eval(), exec(), or unsafe deserialization of untrusted data.