Skills
skills/chenaey/codify-dev-skill/codify-design-to-code/Gen Agent Trust Hub

codify-design-to-code

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions utilize curl and local Node.js scripts (download-assets.cjs, download-screenshot.cjs) to interact with a local API server at 127.0.0.1:13580. These commands are used to retrieve design metadata and visual assets required for code generation and are consistent with the tool's primary purpose.
  • [PROMPT_INJECTION]: The skill ingests design data from the local API to guide code generation, representing a surface for indirect prompt injection. Since the ingestion source is a local development server, the risk is minimal and inherent to the skill's function.
  • Ingestion points: get_design API responses containing node names and text content.
  • Boundary markers: None implemented.
  • Capability inventory: Local loopback networking via curl, local script execution via node, and file system write access for assets.
  • Sanitization: Not explicitly specified for fetched design content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 12:46 AM