mobile-design
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill employs 'Anti-memorization' and 'Mandatory Protocol' instructions within its documentation to ensure the agent prioritizes specific mobile-first constraints over default training patterns.
- [COMMAND_EXECUTION]: The file
SKILL.mdreferences a Python scriptscripts/mobile_audit.pyintended for execution to perform local audits on mobile project code. - [PROMPT_INJECTION]: The
scripts/mobile_audit.pyscript presents an indirect prompt injection surface as it processes untrusted local project files. 1. Ingestion points: The script reads project files within a user-specified directory. 2. Boundary markers: No delimiters are used to isolate file content in the script's output. 3. Capability inventory: The script utilizes standard file reading and directory traversal without network access. 4. Sanitization: Data read from project files is processed directly by regular expressions without sanitization or validation.
Audit Metadata