system-design
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to provide architectural guidance and generate documentation based on developer input. It does not contain any executable logic or malicious patterns.
- [COMMAND_EXECUTION]: The skill explicitly instructs the agent not to write implementation code. No shell command execution, subprocess spawning, or dynamic evaluation patterns were found in the instructions or templates.
- [DATA_EXFILTRATION]: There are no network operations (curl, wget, fetch) or instructions to send data to external servers. The mention of 'External Integrations' is limited to a documentation template for the developer to inventory their own project's dependencies.
- [PROMPT_INJECTION]: The skill does not attempt to override safety guardrails, extract system prompts, or use deceptive role-play instructions to bypass platform constraints.
- [EXTERNAL_DOWNLOADS]: The skill does not request the download of external scripts, binary executables, or unverified packages from remote sources.
- [DATA_EXPOSURE]: File operations are restricted to reading project context and writing documentation artifacts like Architecture Decision Records (ADRs) to standard documentation paths (e.g., /docs/design/). No access to sensitive files (SSH keys, AWS credentials, environment variables) is requested.
Audit Metadata