design-referral

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill and its associated agents (architect, economist, copywriter, critic) are well-defined and focused on their specific domain of growth engineering. No suspicious instructions, safety bypasses, or behavior overrides were detected.
  • [SAFE]: The bootstrap script (scripts/bootstrap-experience.ts) is a utility for setting up local project directories for user experience storage. It includes security checks to prevent directory traversal and symlink-based attacks, using atomic file operations.
  • [SAFE]: Data handling is restricted to the local project environment. The skill accesses standard marketing and research artifacts as intended by its design, without any evidence of credential harvesting or exfiltration.
  • [PROMPT_INJECTION]: The skill processes data from research artifacts and user responses, presenting a theoretical surface for indirect prompt injection. This risk is effectively mitigated by the orchestration protocol, which requires context reflection (summarization) and utilizes a dedicated 'critic' agent to score all outputs against a strict, quantitative rubric before delivery.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 10:16 PM
Security Audit — agent-trust-hub — design-referral