overdrive
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill includes instructions for a specific response format ("Entering overdrive mode..."). This is a stylistic role-play instruction rather than a malicious attempt to bypass safety guidelines.
- [DATA_EXFILTRATION]: The skill mentions accessing Device APIs (Geolocation, Ambient Light, Orientation). While these are sensitive, the skill explicitly mandates seeking user permission and using them only as progressive enhancements. No silent exfiltration patterns were found.
- [EXTERNAL_DOWNLOADS]: The instructions reference several well-known and trusted third-party web libraries. These are standard tools for the stated purpose and do not represent a supply chain risk in this context.
- [COMMAND_EXECUTION]: The skill instructs the agent to use browser automation tools for visual verification and iteration. This is a legitimate development workflow for verifying complex UI animations and shaders.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection via project context ingestion.
  - Ingestion points: Project personality and goals gathered via the Context Gathering Protocol (referenced in SKILL.md).
  - Boundary markers: No explicit delimiters or boundary markers are defined for the design context.
  - Capability inventory: The agent can generate code and execute it via browser automation tools.
  - Sanitization: No explicit sanitization of context is described.
  - Note: This risk is mitigated by the mandatory requirement to propose directions and get user confirmation via 'AskUserQuestion' before implementation.