running-design-reviews
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
NO_CODE
Full Analysis
- NO_CODE (INFO): The skill consists entirely of Markdown templates and instructional text. There are no executable scripts (Python, JavaScript, etc.) or configuration files that trigger code execution.
- SAFE (SAFE): Analysis of the instructions and templates revealed no evidence of prompt injection, data exfiltration, or obfuscation. The skill explicitly instructs users not to request secrets or credentials.
- INDIRECT_PROMPT_INJECTION (INFO): While the skill ingests external data (design artifact links and project context), it possesses no side-effect capabilities such as network access or shell execution. The output is restricted to Markdown documentation, presenting a negligible risk surface.