cds-code
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is provided by the official Coinbase vendor and utilizes legitimate infrastructure and packages associated with the Coinbase Design System.
- [COMMAND_EXECUTION]: The skill includes a local bash script (
scripts/discover-cds-packages.sh) used by the agent to identify which design system packages are installed in the project'snode_modules. This script performs read-only operations on metadata (package.json) to ensure the agent uses correct import paths and versions. - [EXTERNAL_DOWNLOADS]: The documentation identifies the
@coinbase/cds-mcp-serveras a dependency, which is installed via standard package management (npx). This is a documented, vendor-owned tool used for providing component documentation to the agent. - [SAFE]: The visual verification workflow encourages the agent to use local browser tooling to inspect UI changes. This is a standard developer workflow and does not involve unauthorized data access or exfiltration.
Audit Metadata