impeccable-onboard
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to process user-provided context (e.g., product descriptions) to generate onboarding designs. Ingestion points: User-provided 'command arguments' and 'context' (SKILL.md). Boundary markers: Absent. Capability inventory: None; the skill lacks any command execution, file modification, or network capabilities. Sanitization: Absent. The risk is limited to textual output generation.
- [Prompt Injection] (SAFE): Use of directive language such as 'CRITICAL' and 'NEVER' pertains strictly to user experience design principles and does not attempt to circumvent AI safety filters or system-level instructions.
- [Data Exposure & Exfiltration] (SAFE): No access to sensitive local files, environmental variables, or hardcoded credentials was identified.
- [External Downloads] (SAFE): Several frontend libraries (e.g., Intro.js, Tippy.js) are referenced as implementation suggestions for the user, but the skill itself does not include logic to download or execute external code.
Audit Metadata