accelint-persona-review
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The instructions in SKILL.md are task-oriented and do not contain any bypass attempts or malicious role-play scenarios. They provide clear guidance for the AI to maintain its persona-based analytical role.
- [Data Exposure & Exfiltration] (SAFE): The skill reads local persona profiles and accesses Figma/Outline data through standard MCP tools. There is no evidence of hardcoded credentials or data exfiltration to external domains.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from Figma designs and Outline documentation. While no active injection was detected, this represents a known attack surface where an attacker with access to those external resources could attempt to influence the agent's output.
  - Ingestion points: Figma design context via MCP; Outline search results via MCP.
  - Boundary markers: Not explicitly defined in the prompts for external data interpolation.
  - Capability inventory: The skill is limited to reading data and providing text-based critique; it does not have write access or shell execution capabilities.
  - Sanitization: No specific sanitization of external text is performed before processing.
- [Remote Code Execution] (SAFE): No remote scripts or external code dependencies are downloaded or executed. The skill relies entirely on markdown-based instructions and existing MCP infrastructure.