designing-systems
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill consists of markdown documentation and design reference files. It does not include executable scripts, shell commands, or obfuscated logic.
- [EXTERNAL_DOWNLOADS]: The typography configuration in
references/typography.mdreferences CSS font imports from Fontshare (api.fontshare.com). This is a well-known typography service and the usage is appropriate for the skill's purpose. - [PROMPT_INJECTION]: The skill's workflow involves analyzing existing codebase files to extract design tokens using the
fuse-ai-pilot:explore-codebasetool. While this creates an ingestion point for indirect prompt injection from untrusted codebase content, the risk is negligible as it is restricted to design-related tasks. \n - Ingestion points: Existing CSS variables and Tailwind configurations in the user codebase. \n
- Boundary markers: Not specified. \n
- Capability inventory:
Read,Write,Edit,Glob,Grep,Task. \n - Sanitization: None.
Audit Metadata