extract
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No attempts to override agent behavior or bypass safety filters were detected. Phrases like 'CRITICAL' and 'IMPORTANT' are used correctly within the context of providing architectural guidance for design systems.
- [DATA_EXFILTRATION]: No network operations or access to sensitive configuration files (e.g., .ssh, .aws) were found. The skill's operations are confined to analyzing and refactoring UI-related code within a repository.
- [REMOTE_CODE_EXECUTION]: The skill does not download external scripts or packages, nor does it use dynamic execution functions like eval() or exec().
- [INDIRECT_PROMPT_INJECTION]: The skill processes local repository files to identify patterns, which technically constitutes an indirect prompt injection surface. However, it lacks high-risk capabilities like network access that could be used for exfiltration.
- Ingestion points: Local repository files analyzed during the 'Discover' phase (SKILL.md).
- Boundary markers: Absent.
- Capability inventory: File reading and writing for code refactoring (SKILL.md).
- Sanitization: Not explicitly defined in the prompt instructions.
Audit Metadata