yuv-design-system
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the author's private GitHub repository at github.com/hoodini/yuv-design-system for retrieving brand assets and ensuring the design system is properly installed. These resources are vendor-owned and used for the skill's primary purpose.
- [COMMAND_EXECUTION]: Provides instructions for the agent or user to execute shell commands for cloning the brand repository and running setup scripts such as install-skill.sh and ensure-assets.sh. These commands are intended for environment initialization and asset management.
- [REMOTE_CODE_EXECUTION]: Documentation discusses using tools like WebFetch, curl, and Claude-in-Chrome to fetch external content for site building. This identifies an indirect prompt injection surface; however, the skill explicitly mitigates this risk by instructing the agent to use safe DOM manipulation methods (textContent, createElement) and avoiding unsafe assignment of HTML strings.
Audit Metadata