validating-slds
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: A comprehensive analysis of the skill's instructions and scripts revealed no malicious intent, obfuscation, or unauthorized network activity.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to run the Salesforce SLDS linter via npx and a local utility script via node. These operations are standard for the skill's stated purpose and utilize official tools from a well-known technology provider.
- [PROMPT_INJECTION]: The skill processes untrusted data in the form of user-provided code files (HTML, CSS, JS) during the auditing process. This establishes an indirect prompt injection surface where malicious instructions could be embedded in comments or markup to influence the agent's quality report.
  - Ingestion points: The scripts/analyze-quality.cjs script and the agent's manual review process ingest content from local component files.
  - Boundary markers: There are no explicit boundary markers defined to isolate the untrusted code during the manual review step.
  - Capability inventory: The skill is capable of executing shell commands for linting and analysis as documented in SKILL.md.
  - Sanitization: The analysis script uses regular expression matching for static analysis and does not execute or evaluate the content of the target files.
Audit Metadata