design-tokens

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns were detected. The skill's instructions focus on standard front-end development tasks related to design systems and styling.
  • [DATA_EXFILTRATION]: The skill scans the local project directory for styling configurations and package metadata (package.json) to identify the tech stack. This data access is necessary for its function and does not involve external transmission or access to sensitive user directories.
  • [COMMAND_EXECUTION]: There is no evidence of shell command execution or system-level modifications. The skill is limited to reading project context and writing text-based configuration files.
  • [PROMPT_INJECTION]: The skill processes project-level design briefs (DESIGN_BRIEF.md), which serve as an ingestion point for potentially untrusted data. The risk is minimized as the skill lacks dangerous capabilities like network access or shell execution.
      1. Ingestion points: Reads DESIGN_BRIEF.md and project source code.
      2. Boundary markers: No explicit boundary markers or delimiters are used for the external content.
      3. Capability inventory: Limited to file system read and write operations for design configuration.
      4. Sanitization: No specific sanitization of the brief's content is described.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 02:13 AM