design-critique

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill reads design principles and anti-pattern checklists from a directory in the user's home folder (~/.claude/skills/minoan-frontend-design/). This is used to guide the assessment process.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes project source code (HTML, CSS, JS/TS) and configuration files which could contain untrusted content. The risk is mitigated by the skill's report-only nature.
  • Ingestion points: Project source files, .design-context.md, and .design-critique/ignore.md.
  • Boundary markers: Absent.
  • Capability inventory: File system read (source files), File system write (report generation in .design-critique/), and Browser automation (visual inspection).
  • Sanitization: No explicit sanitization or escaping of ingested source code was identified.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 04:38 PM
Security Audit — agent-trust-hub — design-critique