design-minigame
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool primarily to execute a local utility
find-artifacts. This tool is used to resolve and retrieve project-specific context (such as brand identity or product data) from the local repository. The usage is scoped to environment discovery and does not involve executing arbitrary user-provided shell commands. - [PROMPT_INJECTION]: The skill processes external data from project artifacts and user inputs. While this presents an indirect prompt injection surface, the skill implements a multi-agent validation process including a 'Critic' agent. This agent specifically audits the output against a rubric for 'honest mechanics' and 'dark patterns', providing a robust internal check against malicious or deceptive instructions potentially embedded in the source material.
- [SAFE]: No network exfiltration, hardcoded credentials, obfuscation techniques, or remote code execution patterns were found. The skill is constrained to generating Markdown documentation within a specified local path.
Audit Metadata