Brainstorming Ideas Into Designs
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No malicious override or bypass markers (such as 'Ignore previous instructions' or 'DAN') were detected. The skill uses natural instructional language to guide the AI's behavior.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network request patterns (e.g., curl, fetch) are present. The mention of 'checking current project state' is a standard local context operation for agents.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not install any external packages or execute remote scripts. It references other internal skills by path, which is a standard organizational pattern rather than a security risk.
- Indirect Prompt Injection (SAFE): While the skill ingests user-provided descriptions, it lacks exploitable capabilities (like file writing or shell execution) within its own definition. The risk surface is negligible as it is primarily a conversational dialogue tool.
- Obfuscation (SAFE): No encoded strings, zero-width characters, or homoglyphs were found. The content is transparent and human-readable.
Audit Metadata