create-brand
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several TypeScript utility scripts in the scripts/ directory designed for workspace management and manifest synchronization. These scripts use the bun runtime and incorporate security best practices, such as verifying real paths and refusing to operate on symbolic links to prevent directory traversal or file-system-based attacks.
- [EXTERNAL_DOWNLOADS]: The visual-agent and documentation reference well-known, trusted resources for typography and iconography, such as Google Fonts and Lucide icons. These are handled according to established design system protocols and do not involve the execution of external code.
- [PROMPT_INJECTION]: The skill uses an internal anti-sycophancy protocol to encourage sub-agents to provide honest and critical feedback to improve design quality. This is a functional feature of the skill's orchestration and does not represent an attempt to bypass agent safety guardrails.
Audit Metadata