taste-design-taste-frontend

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill does not contain any malicious code, data exfiltration patterns, or persistence mechanisms. Its instructions and code snippets follow modern React and Tailwind CSS best practices.
  • [EXTERNAL_DOWNLOADS]: The skill references and recommends the use of numerous official packages and assets from well-known industry services.
  • Recommends installation of official design system packages from Microsoft (@fluentui), Google (@material/web), IBM (@carbon/react), Shopify (polaris.js), and Atlassian (@atlaskit).
  • Includes instructions for fetching brand icons from Simple Icons' CDN and placeholder photography from picsum.photos.
  • References the initialization of shadcn/ui, a widely used open-source component library.
  • [PROMPT_INJECTION]: The skill uses extremely prescriptive language ('MANDATORY', 'HARD RULES', 'BANNED') to override the default tendencies of the LLM, referred to as 'Anti-Default Discipline'. These rules target design elements like the em-dash character and specific color palettes to ensure high-quality output. This is a quality-control application of instruction-based behavior modification.
  • [PROMPT_INJECTION]: As the skill is designed to process user-provided design briefs, it naturally possesses an indirect prompt injection surface. The skill incorporates multiple 'Pre-Flight' checks and content audits that help verify the integrity and quality of the generated code based on the input.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 06:27 PM
Security Audit — agent-trust-hub — taste-design-taste-frontend