makepad-font
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses authoritative language such as 'Claude MUST' and 'IMPORTANT' to define a specific workflow for checking documentation completeness. These are meta-instructions for the agent's task-specific behavior and do not attempt to bypass underlying safety filters or extract system prompts.
- [PROMPT_INJECTION]: The skill exhibits a surface area for indirect prompt injection because it instructs the agent to read and incorporate content from local reference files (e.g.,
./references/font-system.md) into its responses. - Ingestion points: Reading local markdown files via the agent's file system tools.
- Boundary markers: None identified; the agent is not instructed to treat the content of these files as untrusted.
- Capability inventory: The skill body contains no dangerous capabilities such as arbitrary command execution, network writes, or file modification tools.
- Sanitization: No sanitization of the reference content is performed before interpolation into the agent's context.
- [COMMAND_EXECUTION]: The skill text mentions a command (
/sync-crate-skills makepad --force) that the agent should suggest to the user if local documentation is missing. This is a user-facing recommendation for environment synchronization and does not involve the agent executing the command itself. - [SAFE]: The external URLs provided in the documentation (e.g., crates.io and example.com) are used for informational purposes and example links, representing no security risk.
Audit Metadata