lean-text-scaffolding
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a testing script (
scripts/test_skill.py) that uses the Pythonsubprocessmodule to run the localscripts/audit_lean_text.tstool. This execution is limited to internal validation using hardcoded or temporary test fixtures and does not involve the execution of arbitrary user-supplied commands or untrusted data. - [EXTERNAL_DOWNLOADS]: The skill contains references to reputable external documentation from the Nielsen Norman Group, GOV.UK, and the World Wide Web Consortium (W3C). These are static URLs used for providing research rationale to the user and do not involve automatic downloads or remote code execution at runtime.
- [SAFE]: The core logic involves a TypeScript audit script (
scripts/audit_lean_text.ts) that scans local HTML/JSX/TSX files for text patterns. It operates entirely offline using standard Node.js file system APIs and does not perform network operations or access sensitive configuration files. - [SAFE]: Instruction files (
SKILL.md,AGENTS.md) focus exclusively on guiding the agent to generate minimal UI copy. There are no attempts to bypass safety filters or override system instructions.
Audit Metadata