tailwind
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a 'Figma to Tailwind theme workflow' which introduces an indirect prompt injection surface by ingesting untrusted data to generate code and files.
- Ingestion points: In
rules/figma-to-theme-workflow.md, the agent is instructed to parse CSS custom properties pasted into the chat by users. - Boundary markers: The skill lacks explicit instructions for the agent to use delimiters or 'ignore embedded instructions' warnings when handling user-pasted data.
- Capability inventory: The agent is given the capability to write generated CSS content to multiple files within the local project directory (e.g.,
src/styles/figma-tokens/). - Sanitization: While the workflow includes parsing and mapping rules, it does not specify sanitization or validation steps to prevent the execution of malicious instructions embedded in CSS comments or variable names.
- [COMMAND_EXECUTION]: The skill references standard command-line operations for project setup and build optimization.
- Evidence: Files
rules/core-utility-model.mdandrules/perf-purging-and-scanning.mdmention the use ofnpm install tailwindcss,npm run build, andnpx tailwindcss. These are well-known development tools appropriate for the skill's purpose.
Audit Metadata