design-ai-tools
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- NO_CODE (SAFE): The skill consists entirely of a markdown file (SKILL.md) with instructions and metadata. No executable scripts (.sh, .py, .js) or binaries are included.
- PROMPT_INJECTION (SAFE): The instructions focus on grounding the agent's behavior in specific reference files (references/patterns.md, etc.). There are no attempts to bypass safety filters, extract system prompts, or implement 'jailbreak' logic.
- EXTERNAL_DOWNLOADS (SAFE): No external URLs, package managers (pip/npm), or remote download commands are present.
- DATA_EXFILTRATION (SAFE): There are no commands that access sensitive user data (e.g., SSH keys, AWS credentials) or perform network requests to external domains.
- INDIRECT PROMPT INJECTION (SAFE): While the skill references external data files, it lacks the execution capabilities (subprocess, network, file writes) required to exploit such an attack surface.