typography

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill documentation and provided script focus entirely on improving UI typography based on Nielsen Norman Group (NN/g) principles.
  • [COMMAND_EXECUTION]: The skill utilizes a bundled Ruby script (scripts/typography_audit.rb) to perform heuristic analysis. The script safely extracts CSS properties (font-size, color, line-height) and generates a local HTML report for visual testing.
  • [DATA_EXPOSURE]: While the script reads project files (CSS/HTML), it does not access sensitive system directories, environment variables, or perform any network operations to exfiltrate data.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a potential surface for indirect prompt injection as it processes untrusted input from codebase files (CSS rules and selectors). However, the risk is mitigated by the script's focus on structured numeric data and CSS keywords, and the severity is assessed as low given the lack of dangerous capabilities combined with this ingestion point.
  • [REMOTE_CODE_EXECUTION]: No remote code execution patterns were detected. The script uses only standard Ruby libraries and performs all processing locally.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 07:11 PM