The Agent Skills Directory

[SAFE]: No malicious behavior, obfuscation, or sensitive data access was detected across the skill's instructions, agent manifest, or reference materials. The skill's functionality is consistent with its described purpose of design system orchestration. References to external resources (e.g., Lucide, unpkg.com) target well-known and trusted services.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It ingests user-supplied platform and host names which are interpolated into file paths and subsequently processed by the Bash tool during the asset inventory scan (Step 8.5). While the instructions are legitimate, this architecture depends on the underlying model's ability to handle shell metacharacters in user-provided strings. This finding represents a standard vulnerability surface in agentic tools rather than an active threat.

brand-system