typescale
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill behaves as a deterministic mathematical utility for calculating and generating typography systems. Its logic is transparent and centered on design automation.
- [EXTERNAL_DOWNLOADS]: References Google Fonts for stylesheet generation and typescale.com for interactive previews. These are well-known and legitimate services consistent with the skill's purpose.
- [COMMAND_EXECUTION]: Uses the Bash tool to manage the local project environment, including creating directories and writing generated assets to the branding folder.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by ingesting data from style preset files.
  - Ingestion points: Reads configuration from ../gsp-style/styles/{name}.yml.
  - Boundary markers: Absent; the skill relies on the structure of the YAML file for parsing.
  - Capability inventory: Has access to Bash, Write, and WebSearch tools.
  - Sanitization: The skill extracts specific keys (e.g., font-family-primary) rather than executing or interpolating the entire file content, reducing the likelihood of accidental instruction obedience.
Audit Metadata