skill-designer
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates entirely on local files and does not perform any network operations or sensitive data access. The primary script scripts/build_design_prompt.py reads local reference documents and a user-provided JSON file to generate a text-based prompt for the Claude CLI.
- [COMMAND_EXECUTION]: The skill documentation provides examples of how to run the provided Python script and how to pipe its output to the claude CLI. These are standard development workflows and do not involve any unsafe command construction or injection vectors.
- [DATA_EXPOSURE]: There is no evidence of hardcoded credentials or access to sensitive system files. The script limits its file system interaction to reading the references/ directory and listing subdirectories in the skills/ folder to prevent naming collisions.
- [EXTERNAL_DOWNLOADS]: The skill does not perform any external downloads. All necessary resources (guides, checklists, and templates) are provided within the skill's own directory structure.
- [PROMPT_INJECTION]: While the skill generates prompts for an LLM, it does not contain any instructions that attempt to bypass safety filters or override the agent's core behavior. It focuses on enforcing a specific directory structure and quality standards for new skills.
Audit Metadata