unify-design
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests and processes source code from the project environment which is considered untrusted data.
  - Ingestion points: Project source files including .tsx, .ts, .jsx, .js, .vue, .svelte, .css, .scss, and .html are read using git grep and file system tools.
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when the agent processes the retrieved code content.
  - Capability inventory: The skill has broad capabilities including file modification (Write, Edit) and shell execution (Bash) across multiple package managers.
  - Sanitization: There is no evidence of content sanitization or validation of the ingested code before it is interpreted by the agent.
- [COMMAND_EXECUTION]: The skill utilizes shell commands to interact with project tools like git, npm, yarn, and pnpm. While these are standard for development workflows, they involve executing logic based on project configuration files (e.g., package.json scripts).
Audit Metadata