gsp-typography
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes Google Fonts for web font imports and references typescale.com to allow users to preview typography ratios. These are well-known services appropriately used for the skill's intended purpose.
- [PROMPT_INJECTION]: The skill supports an enrichment mode that reads existing project files to extract and enhance font settings, creating a surface for indirect prompt injection.
- Ingestion points: Reads existing files at {BRAND_PATH}/identity/typography.md.
- Boundary markers: No explicit delimiters or ignore-instructions warnings are specified for the read content.
- Capability inventory: The skill has access to Bash, Read, and Write tools to modify the project environment.
- Sanitization: No explicit sanitization or validation of the ingested typography content is described.
- [COMMAND_EXECUTION]: The skill's architecture involves dynamic path construction to load internal logic files from the domains/ directory based on input arguments. This loading is scoped to the skill's own directory, which is a standard pattern for modularizing complex agent instructions.
Audit Metadata