ckm-brand
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/sync-brand-to-tokens.cjs` invokes an external Node.js process to generate tokens.
  - Evidence: It uses `execFileSync('node', [generateScript, ...])` to execute a script located at `.claude/skills/design-system/scripts/generate-tokens.cjs`.
  - This pattern demonstrates cross-skill interaction by executing code from an external directory relative to the workspace root.
- [PROMPT_INJECTION]: The skill implements a prompt injection surface in `scripts/inject-brand-context.cjs` by extracting text from markdown files to build agent instructions.
  - Ingestion points: The script reads and parses content from `docs/brand-guidelines.md`, specifically targeting sections like `### Brand Personality` and `### Core Attributes`.
  - Boundary markers: The generated prompt block uses basic headers (e.g., `BRAND CONTEXT:`) but lacks explicit delimiters or instructions for the agent to ignore any malicious commands embedded within the extracted data.
  - Capability inventory: The skill includes scripts capable of reading/writing to the file system and executing subprocesses.
  - Sanitization: No validation, escaping, or filtering is applied to the text extracted from the markdown file before it is interpolated into the system prompt addition.
- [EXTERNAL_DOWNLOADS]: Reference documentation and templates contain links to Google Fonts for design specifications.
  - Evidence: Files such as `templates/brand-guidelines-starter.md` and `references/typography-specifications.md` include URLs pointing to `fonts.googleapis.com`.
  - These references are used for standard web typography configuration and originate from a well-known service provider.
Audit Metadata