Skills
skills/inkeep/team-skills/brand/Gen Agent Trust Hub

brand

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script scripts/process-manifest.ts accesses sensitive local configuration data.
  • Evidence: It reads the ~/.claude.json file in the user's home directory to search for FIGMA_ACCESS_TOKEN values stored in other MCP server configurations.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes network requests to download external assets and code references.
  • Evidence: scripts/generate-product-manifest.ts fetches source files from vendor-specific repositories on GitHub (inkeep/agents and inkeep/agents-ui).
  • Evidence: scripts/process-manifest.ts downloads image assets from the Figma API (api.figma.com).
  • [COMMAND_EXECUTION]: Utility scripts execute external system commands using the Bun runtime.
  • Evidence: scripts/generate-product-manifest.ts spawns the GitHub CLI (gh) to interact with the GitHub API.
  • Evidence: scripts/process-manifest.ts executes npx svgo to optimize SVG assets.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 14, 2026, 09:30 AM