sc-design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill coordinates with a Bash tool for external tool integration as described in the coordination section of SKILL.md.
- [DATA_EXFILTRATION] (LOW): The skill utilizes the Rube MCP (mcp__rube__RUBE_MULTI_EXECUTE_TOOL) to export design specifications to external platforms such as Notion, Slack, and Jira.
- [PROMPT_INJECTION] (LOW): The skill exhibits an Indirect Prompt Injection surface (Category 8).
- Evidence Chain (Category 8):
- Ingestion points: System requirements and context are read using Read and Grep/Glob tools (SKILL.md).
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation.
- Capability inventory: The agent can write files, execute bash commands, and perform network-based exports via Rube MCP.
- Sanitization: There is no evidence of sanitization for ingested requirement data.
Audit Metadata