lp-brief

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes tools like Bash, Grep, and Glob for the legitimate purpose of project stack detection (e.g., inspecting package.json or framework configuration files). This is necessary to tailor the generated implementation prompts to the project's environment.
  • [DATA_EXPOSURE]: Access to local files is restricted to specific marketing and brand artifacts (e.g., BRAND.md, icp-research.md). No access to sensitive system files or credentials (like .env or .ssh) was observed.
  • [PROMPT_INJECTION]: The skill incorporates robust 'What NOT to Do' sections and critical gates that enforce compliance with brand and conversion principles. No evidence of malicious instruction overrides or safety bypass attempts was found.
  • [EXTERNAL_DOWNLOADS]: The skill references well-known and trusted external CDNs (Cloudflare, Unpkg) for common web development libraries (GSAP, Lenis) within its generated code templates. These references are standard for the industry and do not involve executing untrusted remote code during the skill's own runtime.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 04:44 PM
Security Audit — agent-trust-hub — lp-brief