api-design-coach

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues were detected. The skill is designed as a purely conversational interrogation tool. It includes 'Hard Refusals' that prevent the agent from generating code, contracts, or specific naming suggestions, which significantly reduces the attack surface for code-based exploits.
  • [DATA_EXFILTRATION]: There are no indicators of data exfiltration. The skill mentions using SKILL_MEMORY.md to record the caller's context, which is a standard local persistence mechanism for maintaining state across turns within the agent's environment.
  • [PROMPT_INJECTION]: The skill does not contain instructions that attempt to bypass AI safety guardrails or override system-level constraints. Instead, it enforces strict behavioral limits on itself to ensure it remains in a coaching role.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided descriptions of API designs and goals. While it does not utilize specific boundary markers for this untrusted data, the risk is mitigated by the fact that the skill has no capability to execute commands, write files beyond its own memory, or make network requests based on that input.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 07:34 PM