design-tokens-validator
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate developer tool designed to detect hard-coded values in styles and code. No security violations such as hardcoded credentials, unauthorized network operations, or persistence mechanisms were detected.- [PROMPT_INJECTION]: While the skill processes untrusted source code, it does not demonstrate exploitable vulnerabilities. (1) Ingestion points: Source files in the
src/directory andtokens.json. (2) Boundary markers: Absent in the documentation. (3) Capability inventory: Text-based analysis and token replacement suggestions; no dangerous system-level capabilities are invoked. (4) Sanitization: Not defined for processed source files.
Audit Metadata