dx-design

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected. The identified components (prompt handling and developer scripts) are consistent with the skill's stated purpose and operate within safe boundaries.
  • [PROMPT_INJECTION]: Analyzed the surface for indirect prompt injection; user prompts are used to select design playbooks, but the resulting actions are limited to local file reading and template writing, posing no significant risk. Ingestion occurs in the main user interaction loop; boundary markers and explicit sanitization are not required for this low-privilege design task.
  • [COMMAND_EXECUTION]: A testing script for static verification exists in the evaluation suite. This script (evals/run-static-checks.sh) is a testing utility for developers and is not part of the runtime agent execution path.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 18, 2026, 09:39 PM
Security Audit — agent-trust-hub — dx-design