gsp-design-system
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill's primary function is to read configuration files (such as package.json, tsconfig.json, and tailwind.config.js) and component source files to generate design documentation. It does not perform network requests or exfiltrate any data.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to create a local directory for its output (mkdir -p .design/system). This is a standard operation consistent with its stated purpose of organizing documentation.
- [DATA_EXPOSURE]: The skill reads project-level configuration files and source code. While these files are analyzed, the output is restricted to the local workspace and intended for developer documentation, posing no risk of unauthorized external disclosure.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the codebase, including component source code and configuration files.
- Ingestion points: Reads various files including package.json, tsconfig.json, and files within src/components/.
- Boundary markers: None specified for the processed content.
- Capability inventory: Access to Read, Write, Bash, and Grep tools.
- Sanitization: The skill performs pattern matching and summarization; however, it does not explicitly sanitize the content of the files it reads before documentation. Given the local documentation context, this is a standard risk for auditing tools.
Audit Metadata