brief
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates the creation and maintenance of a design brief located at
.ui-craft/brief.md. All operations involve local file management and user interaction within the expected project scope. - [DATA_EXPOSURE]: Analysis of file operations confirms the skill only accesses its own reference files and the specific project-related path
.ui-craft/brief.md. It does not attempt to access credentials, environment variables, or sensitive system configurations. - [COMMAND_EXECUTION]: There are no executable shell commands, subprocess calls, or script execution patterns identified in the instructions. The skill utilizes standard agent capabilities for reading and writing text files.
- [PROMPT_INJECTION]: While the skill ingests untrusted user data (e.g., product descriptions or PRDs), the impact is restricted to drafting a Markdown document. The instructions include a mandatory human-in-the-loop step (Step 3: Show before writing), which allows the user to review the content for any unintended instructions before the file is modified.
Audit Metadata