yuv-design-system

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the author's private GitHub repository at github.com/hoodini/yuv-design-system for retrieving brand assets and ensuring the design system is properly installed. These resources are vendor-owned and used for the skill's primary purpose.
  • [COMMAND_EXECUTION]: Provides instructions for the agent or user to execute shell commands for cloning the brand repository and running setup scripts such as install-skill.sh and ensure-assets.sh. These commands are intended for environment initialization and asset management.
  • [REMOTE_CODE_EXECUTION]: Documentation discusses using tools like WebFetch, curl, and Claude-in-Chrome to fetch external content for site building. This identifies an indirect prompt injection surface; however, the skill explicitly mitigates this risk by instructing the agent to use safe DOM manipulation methods (textContent, createElement) and avoiding unsafe assignment of HTML strings.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 07:42 AM
Security Audit — agent-trust-hub — yuv-design-system