Skills
skills/resend/design-skills/resend-design-skills/Gen Agent Trust Hub

resend-design-skills

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The design audit skill creates an indirect prompt injection surface because it reads and analyzes dashboard source files from src/app/(dashboard)* and src/ui/. Instructions hidden in these files could influence the audit logic or the content of Linear tickets.
  • Ingestion points: Dashboard and UI source code files processed during the audit.
  • Boundary markers: Files are ingested as raw text without explicit boundary markers or instructions to ignore embedded commands.
  • Capability inventory: Usage of git rev-parse HEAD and the Linear MCP toolset (linear:create_issue, linear:create_comment, etc.).
  • Sanitization: No sanitization of the ingested file content is implemented.
  • [COMMAND_EXECUTION]: The audit utility executes git rev-parse HEAD to identify the current repository commit for reporting purposes. This is a standard read-only operation used to version the audit results.
  • [DATA_EXFILTRATION]: The skill gathers findings from local source code and transmits them to the Linear platform via MCP tools. This data flow is documented and intended for the skill's automated design auditing purpose.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 05:22 PM
Security Audit — agent-trust-hub — resend-design-skills