skills/openaec-foundation/frontend-design-claude-skill-package/frontend-agents-design-system-validator/Gen Agent Trust Hub
frontend-agents-design-system-validator
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides specific shell command 'recipes' using standard Unix utilities (
grep,sed,comm,sort) to analyze local source code. These commands inventory design tokens and detect violations such as hardcoded color literals or orphan tokens within the project filesystem (e.g.,src/,.audit/). - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill performs read-only analysis of local CSS and component files. No network operations, exfiltration patterns, or attempts to access sensitive system files (such as credentials, SSH keys, or environment variables) were found.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it ingests untrusted source code data from the user's project during the audit process.
- Ingestion points: Files matching
src/**/*.{css,ts,tsx,vue,svelte}are scanned using grep. - Boundary markers: The instructions do not define explicit delimiters or 'ignore' instructions for the content of processed files.
- Capability inventory: The agent is authorized to run local shell commands (
grep,sed,comm,sort) and read/write audit reports within the project directory. - Sanitization: None. The skill relies on deterministic regex-based grep patterns which limits the execution surface to text matching rather than instruction processing.
Audit Metadata