ui-design-system
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill documentation provides command-line examples for executing a local script named 'scripts/design_token_generator.py' that is not included in the provided file list.\n
- Evidence: The skill suggests running
python scripts/design_token_generator.py --brand "#0066CC" --style modern.\n - Risk: The script is not provided in the package and is not listed in the
dependencies.scriptsYAML section. This violates best practices for skill packaging and could lead to the execution of untrusted local files if a malicious file with the same name exists in the user's environment.\n- [NO_CODE] (LOW): The skill is a skeleton template and lacks the necessary logic to perform its stated tasks.\n - Evidence: Multiple metadata fields such as
time-saved,frequency, anduse-casescontain 'TODO' markers. The core script mentioned throughout the documentation is missing.\n - Risk: The skill claims to be 'verified' in its metadata but is clearly non-functional, which could mislead users regarding its capabilities and safety.
Audit Metadata