update-app-design
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs routine documentation maintenance tasks using standard tools.
- [COMMAND_EXECUTION]: Uses
Bashto executepwd,stat, andgit log. These commands are used for local environment discovery and history tracking, which is consistent with the skill's purpose. - [DATA_EXPOSURE]: Accesses project configuration files (
package.json) and internal documentation (.claude/rules/). This is necessary for the sync process and no external data transmission was found. - [PROMPT_INJECTION]: The skill processes external data (commit logs, package files) which presents a minor surface for indirect prompt injection, though no exploitable patterns are currently present.
Audit Metadata