NYC

system-design

Warn

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill explicitly instructs the agent to "ALWAYS search for existing solutions before writing custom code" and "Check npm for existing libraries." If the agent possesses the capability to install packages, this instruction could lead to the automated download and execution of untrusted or malicious third-party code via package managers. While common in manual development, this is a significant risk for autonomous agents without strict dependency verification.
  • PROMPT_INJECTION (SAFE): No instructions found that attempt to bypass safety filters, override system-level constraints, or extract system prompts. The language is strictly focused on software architecture and design principles.
  • DATA_EXFILTRATION (SAFE): No commands or patterns were detected that attempt to access sensitive files (~/.ssh, .env, etc.) or transmit data to external domains.
  • COMMAND_EXECUTION (SAFE): The skill does not contain direct commands for shell execution, though it encourages the search for external libraries which may lead to command execution in a downstream task.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 15, 2026, 09:54 PM