design-systems
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instruction override patterns or safety bypass attempts were detected. The workflow follows a standard instructional path.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file paths were found. The skill explicitly instructs the agent not to request secrets or credentials in references/INTAKE.md.
- [Obfuscation] (SAFE): All content is provided in plain text Markdown. No Base64, zero-width characters, or homoglyphs were detected.
- [Remote Code Execution] (SAFE): No external dependencies, package managers (npm/pip), or remote download commands (curl/wget) are present in the skill.
- [Indirect Prompt Injection] (LOW): The skill is designed to process untrusted user data regarding design requirements. While this represents an ingestion surface, the skill lacks the capability to execute commands, perform network operations, or access sensitive files, which effectively nullifies the risk of secondary exploitation. Evidence:
  - Ingestion points: User inputs regarding product surfaces, goals, and constraints.
  - Boundary markers: None specified.
  - Capability inventory: Generating Markdown text; writing to files (standard agent capability).
  - Sanitization: None specified.
- [Dynamic Execution] (SAFE): No use of eval, exec, or runtime code generation was identified.