design-system-starter

The skill "Design System Starter" is composed of six files: README.md, SKILL.md, checklists/design-system-checklist.md, references/component-examples.md, templates/component-template.tsx, and templates/design-tokens-template.json.

1. README.md and SKILL.md: These files provide descriptive information about the skill, its purpose, usage examples, triggers, and design philosophy. They contain no executable code, shell commands, or references to external scripts that the agent would execute.
2. checklists/design-system-checklist.md: This is a static Markdown document providing a checklist. It contains no executable content.
3. references/component-examples.md and templates/component-template.tsx: These files contain TypeScript/React code snippets. These are presented as examples and templates for the user to implement in their own projects, not as code to be executed by the AI agent. They do not contain any direct system calls, network requests, or file system manipulations that would be triggered by the agent. The import import { cn } from '../utils/cn'; refers to an internal utility within the hypothetical user's project structure, not an external dependency the skill itself would fetch or install.
4. templates/design-tokens-template.json: This is a static JSON data file defining design tokens. It contains no executable content.

Threat Category Review:

• Prompt Injection: No patterns detected. The instructions are benign and guide the user.
• Data Exfiltration: No commands or code capable of reading sensitive files or making unauthorized network requests.
• Obfuscation: No obfuscated content (Base64, zero-width characters, homoglyphs, etc.) was found in any of the files.
• Unverifiable Dependencies: The skill describes using various tools and frameworks (e.g., Style Dictionary, Tailwind CSS, React, Storybook), but it does not contain any commands to install or execute these. It merely references them as part of a design system workflow. No direct npm install or pip install commands are present for the agent to execute.
• Privilege Escalation: No commands like sudo or chmod are present.
• Persistence Mechanisms: No attempts to modify shell configurations, create cron jobs, or establish other persistence methods.
• Metadata Poisoning: The metadata in SKILL.md and templates/design-tokens-template.json is clean and descriptive.
• Indirect Prompt Injection: The skill's nature is to provide static information and templates, not to process arbitrary external user input that could lead to indirect injection.
• Time-Delayed / Conditional Attacks: No conditional logic or time-based triggers were found.

Conclusion: The skill is purely informational and template-based. It does not execute any code or interact with the user's system in a way that could pose a security risk.