design-lookup
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses a helper script
scripts/fetch-page.pythat utilizes the Playwright library to fetch content from design websites. This is a standard automation practice for rendering modern web applications (SPAs) and bypassing basic bot detection to retrieve legitimate UI code requested by the user. - [SAFE]: All external URLs referenced in
references/sources.mdfor fetching SVG icons (e.g., GitHub raw URLs for Lucide, Heroicons, and Tabler) belong to well-known, reputable open-source projects and organizations. - [SAFE]: The Python script contains logic to clean up text from the CodeMirror editor used on sites like CodePen. While it handles specific characters like
\u200b(zero-width space), this is done for formatting purposes (preserving empty lines) and does not constitute malicious obfuscation.
Audit Metadata