octocode-design
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local MCP tools (localViewStructure, localFindFiles, localSearchCode, localGetFileContent) to perform codebase discovery. This is standard behavior for its intended purpose of extracting existing design patterns from a project.
- [EXTERNAL_DOWNLOADS]: The skill contains numerous references and links to reputable design resources and component libraries, including shadcn/ui, Material UI, daisyUI, and React Three Fiber. These are used for documentation and pattern reference rather than runtime code execution.
- [DATA_EXPOSURE]: Analyzes project file content to build an inventory of UI tokens and components. This access is scoped to the project environment and is necessary for the skill's primary function of generating project-aware design documentation.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection, as it ingests untrusted code from the project being analyzed.
  - Ingestion points: localGetFileContent and localSearchCode are used to read project files (referenced in SKILL.md and existing-project.md).
  - Boundary markers: None explicitly defined to separate project content from the agent's instructions.
  - Capability inventory: Subprocess calls are limited to the listed Octocode MCP tools for file and repository inspection; the primary output is a markdown file (DESIGN.md).
  - Sanitization: No explicit sanitization or filtering of project content is mentioned before it is processed by the agent.
Audit Metadata