information-architecture
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate project analysis tasks, such as reading design briefs and scanning directory structures for routing patterns. It does not access sensitive system files, environment variables, or credentials.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by ingesting data from external files. 1. Ingestion points:
.design/*/DESIGN_BRIEF.mdand codebase directories (routing, layouts, components). 2. Boundary markers: Absent. 3. Capability inventory: File system read and local file write (Markdown). 4. Sanitization: Absent. Although the skill lacks sanitization, the risk is negligible as it lacks network access or code execution capabilities, focusing solely on markdown generation.
Audit Metadata