brand
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/sync-brand-to-tokens.cjs` uses `child_process.execSync` to execute a script located at `.claude/skills/design-system/scripts/generate-tokens.cjs`. This facilitates inter-skill automation but relies on the integrity of the design-system skill.
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface in `scripts/inject-brand-context.cjs`. The script reads `docs/brand-guidelines.md`, extracts free-text fields such as `personality` and `prohibited terms`, and interpolates them into a 'BRAND CONTEXT' block for system prompts. If the source markdown file is modified to include malicious instructions, they could influence agent behavior.
  - Ingestion points: `docs/brand-guidelines.md` (read by `inject-brand-context.cjs` and `sync-brand-to-tokens.cjs`).
  - Boundary markers: The generated prompt uses 'BRAND CONTEXT' and 'VISUAL IDENTITY' headers, but does not include explicit 'ignore embedded instructions' warnings for the interpolated data.
  - Capability inventory: Local file system read/write (via `fs`), and local command execution (via `execSync`).
  - Sanitization: The scripts use regex to extract hex colors and specific markdown sections, but perform no sanitization on the text content of the extracted fields before prompt interpolation.
Audit Metadata