tailwind-design-system
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [COMMAND_EXECUTION] (INFO): The skill references a local Node.js utility script (
extract-theme-tokens.mjs) used to parse CSS files and output JSON tokens. This is a functional tool within the design workflow and does not utilize remote or untrusted code sources. - [DATA_EXPOSURE] (SAFE): No hardcoded credentials, sensitive file path access, or network exfiltration patterns were found. The skill operates exclusively on local design assets.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes user-provided CSS files. While these are external inputs, the risk is negligible as the interaction is limited to token extraction and generating UI documentation without involving high-privilege actions or network access.
- [SAFE] (SAFE): All analyzed components follow best practices for template-based design system generation.
Audit Metadata