moai-domain-uiux
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The module modules/design-system-tokens.md includes a TypeScript template sync-pencil-tokens.ts that utilizes child_process.exec to run local build commands like npm run tokens:build. This is a standard automation pattern but involves subprocess spawning.
- [COMMAND_EXECUTION]: The modules/design-system-tokens.md file provides a generate-token-types.ts script that generates TypeScript code by interpolating values from JSON token files. Without strict validation or escaping of the input keys and values, this pattern could lead to code injection in the generated output files if the input data is malicious.
- [EXTERNAL_DOWNLOADS]: The skill references numerous libraries and resources from well-known technology organizations, such as Vercel Labs, Radix UI, and Lucide. These are documented for their intended use in component and design system implementation.
- [PROMPT_INJECTION]: A surface for indirect prompt injection is present in the design token processing workflows.
  - Ingestion points: The skill processes design tokens (JSON) and Pencil (.pen) files as described in modules/design-system-tokens.md.
  - Boundary markers: The provided processing scripts contain no delimiters or specific safety instructions telling the agent to ignore instructions embedded in the data.
  - Capability inventory: The skill body includes templates with file system access (read/write) and command execution capabilities (via exec).
  - Sanitization: The transformToTokens and generateTypes logic in modules/design-system-tokens.md does not perform escaping or validation of the input data before it is used in code generation or build steps.
Audit Metadata