dx-design
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows a well-defined, multi-step workflow for generating design documentation. It uses local CSV and Markdown files in the
references/directory to guide its logic and select appropriate playbooks. - [COMMAND_EXECUTION]: The skill includes a shell script
evals/run-static-checks.shused for development-time verification. This script executes a local Python validator and references library scripts expected to be present in the parent repository structure. This is standard practice for skill development and testing. - [DATA_EXFILTRATION]: No network operations or attempts to access sensitive system files (e.g., SSH keys, cloud credentials) were found. The skill operates entirely on its own reference data and user-provided design context.
- [PROMPT_INJECTION]: The instructions contain clear boundaries (e.g., 'Do NOT use to AUDIT or debug...') and a single-intent enforcement mechanism to prevent the agent from performing tasks outside its design-focused scope. No safety bypass attempts were detected.
- [OBFUSCATION]: All files are provided in plain text (Markdown, JSON, CSV, Bash). No encoded commands, zero-width characters, or hidden URLs were identified.
Audit Metadata