design-referral
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill and its associated agents (architect, economist, copywriter, critic) are well-defined and focused on their specific domain of growth engineering. No suspicious instructions, safety bypasses, or behavior overrides were detected.
- [SAFE]: The bootstrap script (
scripts/bootstrap-experience.ts) is a utility for setting up local project directories for user experience storage. It includes security checks to prevent directory traversal and symlink-based attacks, using atomic file operations. - [SAFE]: Data handling is restricted to the local project environment. The skill accesses standard marketing and research artifacts as intended by its design, without any evidence of credential harvesting or exfiltration.
- [PROMPT_INJECTION]: The skill processes data from research artifacts and user responses, presenting a theoretical surface for indirect prompt injection. This risk is effectively mitigated by the orchestration protocol, which requires context reflection (summarization) and utilizes a dedicated 'critic' agent to score all outputs against a strict, quantitative rubric before delivery.
Audit Metadata