design
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill features 'Audit' commands that read local design files (`src/styles/tokens.css`, `src/styles/typography.css`) and interpolate their raw content into LLM prompts.
  - Ingestion points: Files at `src/styles/tokens.css` and `src/styles/typography.css` are read via `cat` and passed to the `gemini` CLI.
  - Boundary markers: Absent. The file content is interpolated directly into the prompt string without delimiters or instructions for the AI to ignore embedded commands.
  - Capability inventory: The skill utilizes the `gemini` CLI for text generation and processing, and standard shell utilities (`cat`, `jq`) for file manipulation.
  - Sanitization: None detected. Content from external style files is used as-is.
- Command Execution (SAFE): The skill contains bash snippets for exporting design tokens. These utilize standard, non-malicious tools like `cat` and `jq` to transform JSON data into CSS, JS, and SCSS formats.