wireframe
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses restricted bash commands (cp, mkdir, open) to manage local design artifacts and launch previews. These operations are limited to the user's workspace and serve the primary purpose of the skill.
- [PROMPT_INJECTION]: The skill ingests context from local design files and external links (e.g., Figma or GitHub) to inform design decisions. This creates an indirect prompt injection surface. Ingestion points: Phase 0 context check (reading .claude/design-tokens.json, ~/.claude/design-systems/, and user-provided briefs). Boundary markers: None explicitly defined to isolate untrusted content. Capability inventory: Access to Write, Edit, and restricted Bash tools. Sanitization: No explicit instructions for sanitizing or validating ingested content are provided.
Audit Metadata