leafygreen-authoring
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install missing UI library components using the
npm installcommand. These downloads are restricted to the@leafygreen-uipackage namespace, which is the official scope for the vendor's own libraries. - [COMMAND_EXECUTION]: The agent is prompted to execute package installation commands based on React component names extracted from the Figma design context. This workflow is constrained to a specific vendor-owned namespace, mitigating the risk of arbitrary package installation.
Audit Metadata