design-principles
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard utilities like git, ls, and grep to perform structural analysis and search for patterns within the local codebase.
- [EXTERNAL_DOWNLOADS]: The skill references npx markdownlint-cli to ensure the generated audit report follows markdown best practices. This involves downloading the linter from the NPM registry, which is a well-known and trusted service.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted codebase files during the audit process.
  - Ingestion points: Source code files across the entire repository being audited.
  - Boundary markers: The skill instructions demand specific file:line evidence for each finding, focusing the agent on objective code patterns.
  - Capability inventory: The skill is limited to reading the local filesystem and writing the final DESIGN_AUDIT.md report.
  - Sanitization: The agent runs markdownlint on the generated report to validate the structure of the output before presentation.
Audit Metadata