design-tokens
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill primarily serves as a knowledge base and guide for design system tokens following the DTCG specification. It provides clear, expert instructions for standard development workflows without performing autonomous or suspicious actions.\n- [EXTERNAL_DOWNLOADS]: The documentation references official packages from the well-known NPM registry, such as @terrazzo/cli and @terrazzo/plugin-css. These are established tools for design token processing and do not present a security risk.\n- [COMMAND_EXECUTION]: The skill provides various jq and terrazzo command examples for local file processing. These commands are standard for the domain, involve no unauthorized access or exfiltration, and are intended for use on the user's own token files within the project context.\n- [DATA_EXPOSURE]: No sensitive data access patterns were identified. All file operations are limited to design token JSON files, and there is no evidence of unauthorized network activity or credential harvesting.
Audit Metadata