impeccable
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as several of its components (such as 'teach-impeccable', 'normalize', and 'extract') are designed to read and interpret content from the user's local repository to identify design patterns, tokens, and existing components. If a file in the project contains malicious instructions disguised as code or documentation, the agent might inadvertently follow those instructions during the design audit.
  - Ingestion points: codebase scanning in 'teach-impeccable/SKILL.md' (Step 1), 'normalize/SKILL.md' (Plan Step 1), and 'extract/SKILL.md' (Discover Step 1).
  - Boundary markers: The skill does not provide instructions to wrap ingested code in delimiters or to ignore embedded natural language instructions.
  - Capability inventory: The skill performs file reads and writes a synthesized design context to 'AGENTS.md' in the project root.
  - Sanitization: No sanitization or validation of the ingested codebase content is specified.
- [COMMAND_EXECUTION]: The skill instructs the agent to use shell tools like 'grep' to search the codebase for design system documentation and component implementations. While this is a standard and necessary behavior for the skill's purpose, it involves direct interaction with the host file system based on potentially unverified patterns.
Audit Metadata