candango-design
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
- Ingestion points: The skill is configured to read project-specific documentation from
docs/agents/feature-design.md,docs/agents/feature-docs.md,AGENTS.md, andCLAUDE.md. - Boundary markers: Absent. No instructions are provided to the agent to treat the content of these files as untrusted data or to disregard embedded instructions.
- Capability inventory: The skill performs file system discovery of design assets and delegates execution to other functional UI and design skills.
- Sanitization: Absent. The content within these files is processed directly without filtering or validation to guide the agent's workflow.
- [NO_CODE]: The skill consists of Markdown and YAML configuration files and does not include any executable scripts or source code.
Audit Metadata