banner-design
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various local Python and Node.js scripts to perform specialized tasks: searching for design patterns via .claude/skills/ai-artist/scripts/search.py, generating image assets through .claude/skills/ai-multimodal/scripts/gemini_batch_process.py, and rendering HTML designs into images using .claude/skills/chrome-devtools/scripts/screenshot.js. These operations are well-scoped within the design lifecycle.
- [DATA_EXPOSURE]: The workflow involves reading local brand documentation (docs/brand-guidelines.md) and using an internal script (inject-brand-context.cjs) to incorporate brand-specific elements into designs. This is a standard practice for maintaining design consistency and does not involve exfiltration of sensitive system data.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to research design inspiration on Pinterest. While this involves accessing external content, the interaction is limited to standard browser-based research for visual references.
- [PROMPT_INJECTION]: As the skill ingests user-provided text (headlines, subtext, and CTAs) to be placed on banners, it possesses an indirect prompt injection surface. However, this is a core requirement for a banner design utility and is considered a low-risk, expected behavior for the intended use case.
Audit Metadata