Skills
skills/resend/design-skills/resend-design-skills/Gen Agent Trust Hub

resend-design-skills

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The design-audit skill processes untrusted data by reading project source code from src/app/(dashboard)* and src/ui/ to identify design system violations. This surface is vulnerable to indirect prompt injection where malicious instructions embedded in code comments could influence the audit report or the content of tickets filed in Linear.
  • Ingestion points: Reads files from the local repository as specified in design-audit/SKILL.md.
  • Boundary markers: The instructions do not define delimiters or specific "ignore embedded instructions" warnings for the ingested code.
  • Capability inventory: The skill uses Linear MCP tools (linear:create_issue, linear:create_comment) to exfiltrate audit findings to a project management board.
  • Sanitization: There is no explicit requirement for the agent to sanitize or escape project content before including it in Linear ticket bodies.
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 01:55 PM