don-norman-principles-audit
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill consists entirely of markdown-based instructional content. No scripts, binaries, or executable code were detected in the analyzed file.
- [NO_CODE]: No Python packages, Node.js modules, or shell scripts are included, eliminating risks associated with malicious code execution or compromised dependencies.
- [PROMPT_INJECTION]: The skill defines ingestion points for untrusted data, specifically in the interface_description, screenshots_or_links, and existing_feedback fields. This represents an indirect prompt injection surface. However, the risk is assessed as safe because the skill does not define any executable tools, system commands, or network operations that could be leveraged by an attacker. Boundary markers and sanitization logic are absent, but the skill has no capability inventory that injected instructions could invoke.