design-variations
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill uses file-writing capabilities to generate HTML galleries. No sensitive file paths or credentials were found in the instructions or reference materials.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user data (component names, code, and descriptions) and uses file system tools. While there is a theoretical surface for indirect injection if a user provides malicious code, the skill instructions provide specific templates and directions that limit the agent's behavior to design generation. The workflow includes a 'kebab-case' naming requirement which serves as a basic sanitization step for file naming.
- [COMMAND_EXECUTION]: The skill includes 'Bash' in its allowed tools. Analysis of the instructions shows this is intended for file management and project-related tasks associated with generating and organizing UI component variations. No dangerous command patterns or unsanitized shell interpolations were detected.
Audit Metadata