phase-5-design-system

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: An indirect prompt injection surface was detected involving the interpolation of untrusted data into task definitions.
      • Ingestion point: The task-template property in SKILL.md interpolates the {feature} variable from user input.
      • Boundary markers: Absent; there are no clear delimiters or instructions for the agent to ignore instructions embedded within the feature description.
      • Capability inventory: The skill is permitted to use Bash, Write, Edit, and Glob tools, representing a high-impact capability set if an injection is successful.
      • Sanitization: Absent; the skill does not specify any validation or escaping mechanisms for the interpolated content.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run npx commands for initializing shadcn and building with style-dictionary. These are well-known development tools, and their use is documented neutrally as they are standard within the development ecosystem for this skill's stated purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 12:31 PM