design-and-user-experience-guidelines
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary purpose is to provide UI/UX guidelines. All instructions and scripts are consistent with this stated goal and do not contain malicious code or obfuscation.
- [COMMAND_EXECUTION]: The SKILL.md file defines a memory protocol that instructs the agent to execute a cat command to read its own memory file at .claude/context/memory/learnings.md. This is a standard operation for maintaining learning context across agent sessions.
- [PROMPT_INJECTION]: The research requirements document identifies a surface for indirect prompt injection via tools like Exa and WebFetch. 1. Ingestion points: External data enters the agent context through search engine results and web fetches as described in references/research-requirements.md. 2. Boundary markers: No specific delimitation or instruction-override protection is defined for this external data. 3. Capability inventory: The skill manifest defines Read, Write, and Edit tool capabilities. 4. Sanitization: There is no mention of sanitizing or validating the output from the research tools. This represents a standard surface for research-oriented skills.
Audit Metadata