enhance-prompt
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows standard design-to-code practices by analyzing user requests and referencing local design system files such as
DESIGN.mdortailwind.config.js. It does not engage in network exfiltration, hardcode sensitive credentials, or attempt to bypass security guardrails. - [SAFE]: Analysis of the Indirect Prompt Injection attack surface indicates a low-risk profile.
- Ingestion points: Raw user UI requests are processed in SKILL.md (Step 1).
- Boundary markers: The skill provides a highly structured output format (Step 4) which helps the agent maintain context and ignore irrelevant instructions embedded in user input.
- Capability inventory: The skill uses standard 'Read' and 'Write' tools for project file access and prompt generation.
- Sanitization: Instructions emphasize structural transformation and design system integration, providing a framework that prevents arbitrary instruction execution from user data.
- [SAFE]: Script components (
main.cjs,hooks/) are limited to basic CLI argument parsing and telemetry reporting with no use of dangerous execution patterns likeeval()orexec()on untrusted data.
Audit Metadata