graphicode-designer-trans-ts-react-less

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes file system operations such as copying mockups and removing temporary files (e.g., clearing the ./.tmp directory) to manage assets during the code translation process. These operations are performed on local project paths defined in the project configuration.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data in the form of design mockups (.tsx and .less files). These files could potentially contain embedded instructions that might influence the behavior of the subagents used during the translation steps. However, the scope of the subagents is restricted to specific file transformations, which limits the potential impact.
      • Ingestion points: Reads mockup files from directory paths specified in the graphig.md configuration.
      • Boundary markers: None explicitly defined for mockup content parsing.
      • Capability inventory: File system access (read/write/delete) within the project directory.
      • Sanitization: No specific sanitization or filtering of mockup code content is described before processing.
  • [SAFE]: All identified Node.js dependencies are standard development libraries (React, Vite, Ant Design) sourced from the official NPM registry. The skill's operations are confined to the local project environment, and no attempts to access sensitive system files or exfiltrate data were found.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 03:50 AM