prototype
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to modify project-level configuration files such as
package.json,Makefile,justfile, andpyproject.tomlto add new scripts for running the prototypes locally. - [PROMPT_INJECTION]: The skill generates code based on user-provided design descriptions, creating a surface for indirect prompt injection where malicious instructions could potentially be embedded in design requests.
- Ingestion points: User prompts containing design requirements or requests like "prototype this" are used to drive code generation (SKILL.md).
- Boundary markers: Absent; the instructions do not specify delimiters or markers to isolate user input from the generation logic.
- Capability inventory: The skill facilitates the creation of executable terminal shells, UI components, and the modification of environment-level task runners (LOGIC.md, UI.md).
- Sanitization: Absent; the instructions do not require the agent to sanitize or validate user-provided requirements before incorporating them into the generated source code.
Audit Metadata