design-pattern-advisor
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: A detailed security audit of the 29 files, including the skill manifest and pattern references, confirms the absence of malicious logic, obfuscation, or data exfiltration attempts.
- [NO_CODE]: All files provided in the skill package are Markdown documents or Mermaid diagrams. There are no executable scripts (such as .py, .js, or .sh) or binaries included, which eliminates common attack vectors for remote code execution and persistence.
- [PROMPT_INJECTION]: The skill is designed to process untrusted user code to identify design patterns, creating an indirect prompt injection surface. However, the risk is minimal due to the skill's lack of dangerous capabilities.
- Ingestion points: Capabilities like
analyze-pattern-usageandidentify-design-smellingest untrusted content via thecodeandarchitecture_descriptionparameters. - Boundary markers: There are no explicit delimiters or boundary markers defined in the capability schemas to separate user content from system instructions.
- Capability inventory: The skill is restricted to text analysis and recommendation generation; it does not have access to sensitive system tools, file-writing operations, or network resources.
- Sanitization: No input sanitization or validation logic is specified for the code inputs.
Audit Metadata