design-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill uses a persona ('Rams') and instructions tailored specifically for design reviews. No commands to bypass safety filters, ignore previous instructions, or extract system prompts were detected.
- [DATA_EXFILTRATION] (SAFE): The skill does not contain hardcoded credentials, sensitive file paths, or network operations targeting external domains.
- [REMOTE_CODE_EXECUTION] (SAFE): There are no patterns involving downloading scripts (curl/wget) or executing remote code. No external dependencies are requested.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted source code for review and possesses the capability to modify files if the user accepts a fix. This creates a surface for indirect prompt injection.
- Ingestion points: File content accessed via $ARGUMENTS or user-selected component files.
- Boundary markers: Absent. The instructions do not specify delimiters to isolate external code from the agent's internal instructions.
- Capability inventory: File-read (to perform analysis) and file-write (via the offer to 'fix the issues directly').
- Sanitization: None. The agent processes the code snippets directly as provided in the file stream.
Audit Metadata