visual-consistency-auditor
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes two shell scripts, audit-design-system.sh and check-layout-parity.sh, which are used to analyze local files. These scripts utilize standard utilities like grep and wc to identify hardcoded hex colors, pixel values, and responsive layout classes.
- [EXTERNAL_DOWNLOADS]: No network requests, remote downloads, or external dependencies are defined in the skill files.
- [DATA_EXFILTRATION]: The skill does not access sensitive directories (e.g., SSH keys, AWS credentials) or attempt to transmit data to external domains.
- [PROMPT_INJECTION]: The instructions in SKILL.md are focused on design system rules and do not contain patterns typical of prompt injection or behavior overrides.
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect injection because it reads and processes the content of local files.
- Ingestion points: Files passed as arguments to the audit scripts.
- Boundary markers: None explicitly defined in the scripts.
- Capability inventory: Limited to read-only pattern matching via grep.
- Sanitization: None, but since the scripts only output match counts and text warnings to the console, the risk of instruction execution is negligible.
Audit Metadata