atelier
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a structured pipeline orchestrator for design tasks, following a documented workflow from onboarding to delivery.
- [DATA_EXPOSURE]: The skill reads the local codebase to extract design tokens (e.g., CSS variables, Tailwind configurations). This data is persisted in a local directory (`.agents/design-system/`) to provide a consistent design system across multiple agent sessions.
- [EXTERNAL_DOWNLOADS]: Mentions the use of external services for asset generation (e.g., Gemini API, Meshy, Suno). These operations are restricted by an 'Ask First' policy, requiring explicit user consent before execution.
- [COMMAND_EXECUTION]: Delegates tasks to sub-agents using platform-specific tools like `Agent` or `spawn_agent`. This is the core mechanism for its orchestration capabilities.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external content like codebase files and user briefs. It mitigates this risk by using structured data schemas (`DESIGN_INTENT_HANDOFF`) for delegation and implementing a 'Warden' pre-check gate for major operations.
Audit Metadata