design-system-ui

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it is designed to ingest and analyze untrusted external data.
    ◦ Ingestion points: SKILL.md (Step 1) explicitly instructs the agent to accept inputs as screenshots, Figma exports, and URLs to analyze design references.
    ◦ Boundary markers: The skill does not provide specific delimiters or instructions for the agent to ignore potential malicious prompts embedded within these external references.
    ◦ Capability inventory: The skill has the capability to execute shell commands (grep) and perform file operations on the local project directory.
    ◦ Sanitization: No sanitization or validation of the external input is performed before the agent uses it to generate or modify code.
  • [COMMAND_EXECUTION]: The skill uses local shell commands to audit and analyze existing project structures.
    ◦ Evidence: SKILL.md contains multiple instructions to use grep (e.g., `grep -rn "bg-gray-" src/`, `grep -rn "sm:" src/ | head -20`) to detect design patterns and hardcoded values. These commands are scoped to the project source directory and are consistent with the skill's stated purpose of retrofitting projects.
  • [EXTERNAL_DOWNLOADS]: The skill references an external schema for configuration validation.
    ◦ Evidence: assets/project-template/components.json.template references https://ui.shadcn.com/schema.json.
    ◦ Context: This is the official configuration schema for the well-known Shadcn UI library, representing a standard and safe resource for the intended development workflow.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 5, 2026, 06:25 AM