design-critique
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill reads design principles and anti-pattern checklists from a directory in the user's home folder (
~/.claude/skills/minoan-frontend-design/). This is used to guide the assessment process. - [INDIRECT_PROMPT_INJECTION]: The skill processes project source code (HTML, CSS, JS/TS) and configuration files which could contain untrusted content. The risk is mitigated by the skill's report-only nature.
- Ingestion points: Project source files,
.design-context.md, and.design-critique/ignore.md. - Boundary markers: Absent.
- Capability inventory: File system read (source files), File system write (report generation in
.design-critique/), and Browser automation (visual inspection). - Sanitization: No explicit sanitization or escaping of ingested source code was identified.
Audit Metadata