Skills
skills/melodic-software/claude-code-plugins/adw-design/Gen Agent Trust Hub

adw-design

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill describes an architecture that processes untrusted external data, creating a surface for indirect prompt injection.
  • Ingestion points: The workflow ingest data from external sources such as GitHub issues, Notion, or Slack (referenced in Step 1 and Step 4 of SKILL.md).
  • Boundary markers: Absent. The pseudocode does not demonstrate the use of delimiters or 'ignore' instructions for the ingested data.
  • Capability inventory: The design involves executing the claude CLI via subprocesses and performing GitHub API operations (issue comments).
  • Sanitization: Absent. There is no mention of sanitizing or validating the input from the external source before it is interpolated into agent prompts.
  • [COMMAND_EXECUTION]: The 'Agent Executor Pattern' pseudocode in SKILL.md demonstrates the dynamic assembly and execution of system commands using subprocess.run. It specifically shows the interpolation of potentially untrusted prompt content directly into the arguments of the claude CLI.
  • [NO_CODE]: The skill consists exclusively of a markdown file (SKILL.md) providing documentation and design patterns. No actual script files (.py, .js, .sh) or implementation code are included in the distribution.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 03:36 AM