polish
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Finding: PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because it processes untrusted data from the local environment to drive its actions.
- Ingestion points: The skill reads local project files including design system documentation, component libraries, style guides, and token definitions (referenced in "Design System Discovery").
- Boundary markers: Absent. There are no instructions to differentiate between data to be processed and instructions that might be embedded within those files.
- Capability inventory: The skill performs file system write operations, including replacing custom code implementations with library components and deleting orphaned code or styles (referenced in "Clean Up").
- Sanitization: Absent. The skill does not specify validation or sanitization protocols for the data ingested from the project files before it is used to generate code modifications.
Audit Metadata