design-systems
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): The skill instructions in SKILL.md include domain-specific grounding directives (e.g., 'Ignore generic approaches if a specific pattern exists here'). These are standard instructions for controlling model output behavior within a specific domain and do not attempt to bypass core safety filters or extract system prompts.
- [Data Exposure & Exfiltration] (SAFE): No access to sensitive file paths, environment variables, or hardcoded credentials was found. There are no network-capable functions (curl, wget, fetch) present in the skill.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not include any external package dependencies or remote script execution patterns. It relies entirely on provided markdown reference files.
- [Dynamic Execution] (SAFE): The validation patterns in references/validations.md are static regular expressions used for identifying design system anti-patterns in code. They are not executed as code themselves and do not utilize eval() or similar dangerous functions.
- [Indirect Prompt Injection] (SAFE): While the skill is designed to process untrusted user code for design system validation (Ingestion point: User-provided CSS/TSX), it possesses no dangerous capabilities (no file-write, no network, no command execution). Consequently, the surface for indirect prompt injection cannot be leveraged to cause system-level harm.
- [Persistence & Privilege Escalation] (SAFE): No commands related to system persistence, shell profile modification, or privilege escalation (sudo, chmod) were detected.
Audit Metadata