agent-designer

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No evidence of instructions designed to bypass AI safety guidelines or override system prompts. The skill focuses on engineering documentation and architectural patterns.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: No hardcoded credentials, API keys, or sensitive file paths were found. The scripts operate exclusively on local input files provided by the user and do not perform any network operations to send data externally.
  • [OBFUSCATION]: The code is written in clear, standard Python with no use of Base64 encoding for commands, zero-width characters, homoglyphs, or other techniques designed to hide malicious intent.
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The toolkit relies on standard Python libraries (json, argparse, dataclasses, etc.). While the documentation provides examples for integrating with OpenAI and Anthropic, the core scripts do not download or execute remote code at runtime.
  • [PRIVILEGE_ESCALATION]: The scripts do not use sudo, chmod, or any other commands to acquire elevated system permissions.
  • [PERSISTENCE_MECHANISMS]: There are no attempts to modify shell profiles, create cron jobs, or establish any form of persistence on the host system.
  • [METADATA_POISONING]: The skill metadata and description accurately reflect the functionality of the tools provided without misleading or malicious content.
  • [INDIRECT_PROMPT_INJECTION]: The toolkit processes user-provided JSON files (requirements, logs, descriptions).
      • Ingestion points: agent_planner.py, tool_schema_generator.py, and agent_evaluator.py all take local JSON files as input.
      • Boundary markers: The scripts use strict JSON schema-like parsing through Python dataclasses, providing implicit boundaries.
      • Capability inventory: The tools are limited to local filesystem write operations for generating reports and diagrams.
      • Sanitization: Standard JSON parsing is used, which is appropriate for the toolkit's purpose as a CLI utility.
  • [TIME_DELAYED_OR_CONDITIONAL_ATTACKS]: No logic was found that gates functionality based on specific dates, times, or environmental triggers.
  • [DYNAMIC_EXECUTION]: The scripts do not use eval(), exec(), or subprocess to execute dynamically generated code. Tool definitions generated by the planner are blueprints for architectural design, not executable scripts.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 03:55 AM