design-artifact
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the agent to include external script tags for React, ReactDOM, and Babel from the unpkg.com CDN in generated HTML artifacts. This is a standard and documented practice for creating standalone, zero-dependency browser prototypes.
- [COMMAND_EXECUTION]: The skill provides example Bash commands (e.g.,
cp) for the agent to copy template files from the skill directory to the working directory. This is consistent with the skill's file-management requirements. - [DATA_EXFILTRATION]: No evidence of unauthorized network communication or access to sensitive local files (such as SSH keys or credentials) was found.
- [PROMPT_INJECTION]: The instructions in SKILL.md and the references provide clear guidelines for the agent's behavior without attempting to bypass safety filters or override system-level constraints.
- [DYNAMIC_EXECUTION]: The artifacts utilize @babel/standalone to compile JSX at runtime within the user's browser. This is an intentional design choice for this skill's use case and does not involve unsafe server-side execution.
Audit Metadata