design-systems-slds-validate

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to run the SLDS linter and a custom Node.js analysis script. These operations are limited to the component path provided by the user and are required for generating the compliance audit.
  • [EXTERNAL_DOWNLOADS]: Fetches the latest version of the official Salesforce SLDS linter package from the npm registry using npx. This is an expected operation for obtaining up-to-date audit rules from a well-known service and aligns with the vendor's own ecosystem.
  • [DATA_EXFILTRATION]: No evidence of data exfiltration was found. The analysis is performed locally on the user's component files, and results are printed to the console for processing by the agent.
  • [PROMPT_INJECTION]: The skill analyzes user-provided component source code, which represents an indirect prompt injection surface. However, the analysis is performed using a structured script and linter, which minimizes the risk of the agent following malicious instructions embedded in the source code.
  • Ingestion points: Local component files (.html, .css, .js) at the user-provided path specified in SKILL.md.
  • Boundary markers: None present in the prompt templates.
  • Capability inventory: Shell command execution via npx and node as documented in SKILL.md and scripts/analyze-quality.cjs.
  • Sanitization: The analysis script uses regular expressions for pattern detection, providing a basic layer of structure.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 26, 2026, 12:50 PM
Security Audit — agent-trust-hub — design-systems-slds-validate