pie-design-system
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Node.js script (
scripts/fetch-references.mjs) to synchronize documentation from the project'snode_modulesfolder into the skill's local directory. While this script is limited to file system operations (read, write, delete, copy) within the skill's workspace and thenode_modulesdirectory, it represents a local command execution vector. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it is designed to ingest and process documentation from external dependencies (PIE design system packages). If these packages were compromised, they could contain instructions intended to influence the agent's behavior.
- Ingestion points: Files located in
node_modules/@justeattakeaway/and@justeat/pie-design-tokens(e.g., README.md, docs/.md, metadata/.json). - Boundary markers: None identified; the agent is instructed to read the files directly.
- Capability inventory: File system access (read/write/delete), local command execution via
node. - Sanitization: No sanitization or validation of the content of the documentation files is performed before processing.
Audit Metadata