direct
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill follows best practices for managing project state and uses a local, bundled JSON library for deterministic design choices.
- [COMMAND_EXECUTION]: The skill instructs the agent to use system-specific commands (
open,xdg-open,start) to display a locally generated HTML user interface (stardust/_palette-pick.html). This is a benign use of shell commands to facilitate a local design workflow and does not involve elevated privileges or remote data access. - [PROMPT_INJECTION]: The skill processes untrusted data from external websites (such as hero copy and voice samples) which constitutes an indirect prompt injection surface. However, this is inherent to the skill's purpose of site analysis.
- Ingestion points:
stardust/current/pages/<slug>.jsonand_brand-extraction.json(specifically hero copy and voice samples). - Boundary markers: Absent for raw text interpolation into markdown documents.
- Capability inventory: Filesystem writes (
PRODUCT.md,DESIGN.md,DESIGN.json) and local command execution for UI display. - Sanitization: Not explicitly defined in the instructions for the extracted text.
Audit Metadata