design-preset-system
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [PROMPT_INJECTION] (SAFE): The skill contains standard instructional language for theme application and integration. No attempts to bypass safety filters or override system instructions were detected.
- [DATA_EXFILTRATION] (SAFE): No network-capable commands (curl, wget) or access to sensitive local file paths (~/.ssh, .env) were found. The skill only provides UI constants.
- [REMOTE_CODE_EXECUTION] (SAFE): There are no remote script downloads or piped command executions. The skill consists of static TypeScript objects.
- [COMMAND_EXECUTION] (SAFE): No subprocess spawning or shell command execution logic is present in any of the files.
- [INDIRECT_PROMPT_INJECTION] (INFO): While the skill processes user requests for specific design styles, it maps these to hardcoded local token files. The ingestion surface is limited to selecting predefined styles, and the output is non-executable configuration data.
- [OBFUSCATION] (SAFE): The code is clear and human-readable with no Base64, zero-width characters, or encoded strings.
Audit Metadata