Skills
skills/sirn/dotfiles/code-design-api/Gen Agent Trust Hub

code-design-api

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data which creates a surface for indirect prompt injection.
  • Ingestion points: The skill fetches web content via 'WebFetch' in 'SKILL.md' and interpolates user-provided requirements and protocols into sub-agent tasks in 'SUBAGENT.md'.
  • Boundary markers: No delimiters, markers, or explicit instructions to ignore nested commands are provided for the external data or interpolated variables.
  • Capability inventory: The skill is focused on text and specification generation and does not exhibit direct file system access, subprocess execution, or sensitive network capabilities in the provided source.
  • Sanitization: There is no evidence of input validation, escaping, or content sanitization before processing external data.
  • [NO_CODE]: No executable code, scripts, or binaries are shipped with the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 03:07 AM