Skills
skills/phrazzld/claude-config/design-theme/Gen Agent Trust Hub

design-theme

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill executes a shell command (git add -A && git commit) to automate version control updates. While standard for development, it constitutes automated command execution on the local environment.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill interpolates variables (selectedDNA, fontStack, palette) into a prompt for the mcp__kimi__spawn_agent tool without sanitization. If these variables contain malicious instructions from an untrusted source (e.g., a malicious design catalog), they could influence the spawned agent's behavior.
  • Ingestion points: Variables ${selectedDNA}, ${fontStack}, and ${palette} used in the Kimi agent prompt template.
  • Boundary markers: None; variables are interpolated directly into the template string.
  • Capability inventory: The skill has the ability to write to the filesystem (app/globals.css), delete files (tailwind.config.ts), and execute Git commands.
  • Sanitization: No validation or escaping of the design token variables is present.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:17 PM