rubber-duck
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill serves its stated purpose as a design partner and does not contain any executable scripts, remote downloads, or credential-harvesting patterns.
- [SAFE]: The skill implements a structural safety mechanism called a HARD-GATE that explicitly forbids the agent from taking implementation actions or writing code until a design has been presented and approved by the user.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its requirement to ingest untrusted data from the local codebase.
  - Ingestion points: SKILL.md Workflow Step 1 (instructions to inspect relevant files, documentation, and recent commits).
  - Boundary markers: Absent (no specific delimiters or instructions to ignore instructions within ingested files are provided).
  - Capability inventory: The skill instructions require the agent to read file system contents but explicitly restrict write/execute capabilities via a safety gate.
  - Sanitization: No sanitization or validation of codebase content is mentioned. This risk is considered negligible and part of the skill's primary intended function.
Audit Metadata