oma-design
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides detailed design principles and a systematic workflow for defining visual languages without any detected malicious patterns or deceptive instructions.
- [EXTERNAL_DOWNLOADS]: The skill references trusted external resources, such as Google's Stitch platform (stitch.withgoogle.com) and common UI packages (shadcn/ui, Aceternity UI). These downloads are necessary for the skill's stated purpose of design implementation.
- [COMMAND_EXECUTION]: The skill instructs users on how to initialize project environments using standard commands like 'npx shadcn@latest init' and 'npx @_davideast/stitch-mcp init'. These commands are standard for the tools involved.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill promotes secure credential management by instructing users to use environment variables for API keys rather than hardcoding them in the codebase.
- [INDIRECT_PROMPT_INJECTION]: The skill contains logic to analyze external websites for design extraction. While this processes untrusted data, the risk is minimized as the data is used solely to generate a textual design specification (DESIGN.md).
Audit Metadata