onboard
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): The skill uses instructional markers like 'CRITICAL' and 'IMPORTANT' to emphasize design principles (e.g., getting users to value quickly), not to override agent safety protocols or system instructions.
- COMMAND_EXECUTION (SAFE): No shell commands or system-level execution patterns were detected. The skill is entirely text-based documentation.
- DATA_EXFILTRATION (SAFE): No network requests, sensitive file access, or credential patterns were found. Code snippets provided are examples for frontend developers (e.g., localStorage usage) and are not executed by the agent.
- EXTERNAL_DOWNLOADS (SAFE): The skill mentions popular UI libraries (Tippy.js, Intro.js, etc.) as recommendations for implementation, but does not attempt to download, install, or execute them.
- INDIRECT_PROMPT_INJECTION (SAFE): While the skill accepts a 'target' argument, it lacks the technical capabilities (file writing, network access, or command execution) required to manifest a security threat from untrusted input.
Audit Metadata