refero-design
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFENO_CODEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: Technical analysis reveals no malicious code, obfuscation, or unauthorized network activity within the skill's documentation. The content is focused on providing professional design guidance.
- [NO_CODE]: The skill does not distribute any executable code, scripts, or binaries. It is comprised entirely of Markdown files used for prompting and reference material.
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to connect to an external Model Context Protocol (MCP) server at https://api.refero.design/v1/mcp for design research data. This service belongs to the vendor and is a core component of the skill's functionality.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection via the ingestion of external UI data from the Refero API. Evidence chain: 1. Ingestion points: refero_get_screen_tool and refero_get_flow_tool in SKILL.md. 2. Boundary markers: The prompt uses a structured 'RESEARCH SUMMARY' block but lacks explicit delimiters for untrusted content. 3. Capability inventory: Design synthesis and pattern extraction (no high-privilege operations like file system writes or code execution). 4. Sanitization: No explicit content filtering is defined in the instructions.
Audit Metadata