resend-design-skills

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches official Resend brand assets, including wordmarks, icons, and textures, from resend.com and cdn.resend.com. These are legitimate vendor resources matching the skill author and are used as intended for design reference.
  • [PROMPT_INJECTION]: The design-audit skill processes content from the project's dashboard source code, creating an indirect prompt injection surface.
      • Ingestion points: Scans .tsx files in src/app/(dashboard)*.
      • Boundary markers: No specific delimiters are used to wrap the scanned code during processing.
      • Capability inventory: Reads local files via git and interacts with the Linear project management toolset.
      • Sanitization: No explicit sanitization or filtering of the scanned content is described before it is included in audit reports or tickets.
  • [SAFE]: All components and patterns documented in the skill align with standard UI development best practices. The audit skill is explicitly described as read-only and does not modify source code or automate pull requests without oversight.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 04:02 PM