refero-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE] (SAFE): The README correctly uses placeholders () for API authentication configuration, following security best practices.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill utilizes the Refero MCP server to fetch external design data and guidance.
  1. Ingestion points: Data is ingested via tools such as refero_search_screens_tool (defined in references/mcp-tools.md).
  2. Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are provided in the references.
  3. Capability inventory: No scripts with file-write or subprocess capabilities are included in any skill file.
  4. Sanitization: No explicit sanitization or validation of the API response is defined.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill is installed from a GitHub repository; however, content analysis confirms the repository consists strictly of safe markdown and configuration files.
- [PROMPT_INJECTION] (SAFE): The design guides (e.g., references/anti-ai-slop.md) use strong instructional language focused on visual styling and do not attempt to bypass agent safety filters or core rules.
Audit Metadata