claude-design
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references React, ReactDOM, and Babel-standalone from the Unpkg CDN for use in interactive prototypes. These implementations use pinned versions and Subresource Integrity (SRI) hashes to prevent supply chain attacks and ensure file integrity.
- [EXTERNAL_DOWNLOADS]: External assets including fonts and CSS are sourced from reputable and well-known providers such as Google Fonts and RSMS.me.
- [COMMAND_EXECUTION]: Documentation includes instructions for the agent to use standard CLI utilities (e.g., curl, grep, ffmpeg, and yt-dlp) to retrieve and process brand assets like logos and product screenshots.
- [COMMAND_EXECUTION]: Installation instructions utilize the
npx skillsutility, which is a common pattern for managing agentic skills. - [SAFE]: No obfuscation, data exfiltration, or persistence mechanisms were detected within the skill's code or instructions.
- [SAFE]: The skill incorporates extensive security and quality checklists, such as fact verification before design and avoiding the use of unverified AI-generated tropes.
Audit Metadata