lean-ux-canvas
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONNO_CODE
Full Analysis
- [SAFE]: Security analysis found no evidence of malicious patterns, obfuscation, or persistence across the skill files.
- [EXTERNAL_DOWNLOADS]: The skill references informational links to the framework author's official website (jeffgothelf.com) and a PDF template. These are standard educational resources and do not involve executable code.
- [PROMPT_INJECTION]: Conducted analysis of the indirect prompt injection surface. The ingestion point is located in SKILL.md (Step 0) where user context is gathered. No exploitable capabilities such as file system access or shell execution are present in the skill, and no boundary markers are specified.
- [NO_CODE]: The skill is composed entirely of Markdown guidance and templates with no associated scripts, binaries, or dependency manifests.
Audit Metadata