design-polish

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill features an indirect prompt injection surface through the ingestion of project-specific context.
  • Ingestion points: Reads data from .design-context.md and snapshots in the .design-critique/ directory.
  • Boundary markers: No explicit markers or instructions are provided to delineate untrusted data.
  • Capability inventory: The skill is capable of modifying codebase files to apply design fixes.
  • Sanitization: No validation or filtering is performed on the ingested content.
  • This surface is evaluated as a low-risk factor that is necessary for the skill's intended design-polishing functionality.
  • [EXTERNAL_DOWNLOADS]: The README references external GitHub repositories (pbakaus/impeccable and jakubkrehel/make-interfaces-feel-better) for educational and credit purposes. These are static documentation links and are not used for automated remote code execution or package installation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 04:39 PM
Security Audit — agent-trust-hub — design-polish