design-brief

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a standard design documentation tool that operates locally and performs its stated functions without any malicious activity.
  • [DATA_EXFILTRATION]: The skill scans local project files including CSS, Tailwind configurations, and package.json to extract design tokens. This data access is limited to the local codebase and is used solely for the internal logic of generating a design brief. No data is transmitted to external servers or non-whitelisted domains.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing data from local files that could be controlled by third parties.
      • Ingestion points: Local CSS, configuration files, and package.json.
      • Boundary markers: Absent.
      • Capability inventory: Local file writing (limited to .design/ directory).
      • Sanitization: Absent.
    The risk is assessed as safe because the skill's output is limited to static Markdown documentation and does not trigger executable code or network operations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 30, 2026, 02:13 AM