screen-design
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns were detected. The skill is restricted to generating and managing Markdown-based design documentation within a specific local directory.
- [PROMPT_INJECTION]: The skill processes user-supplied screen names and requirements, as well as existing local files (
./design/GLOBAL.md), which constitutes an indirect prompt injection surface. The impact is limited because the skill only generates Markdown files and does not have access to sensitive data or executable tools. - Ingestion points: User input for screen descriptions and names; existing design files in the
./design/directory. - Boundary markers: Absent. The agent relies on internal context to distinguish between instructions and the data being processed.
- Capability inventory: Restricted to writing Markdown files to the local
./design/directory. No network, subprocess, or privilege escalation capabilities. - Sanitization: The skill does not explicitly perform path sanitization or content filtering on inputs used for file creation.
Audit Metadata