design-system-tokens
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides structured guidance and configuration examples for design token architecture, theming, and versioning.
- [EXTERNAL_DOWNLOADS]: The documentation references well-known development tools such as Style Dictionary, @tokens-studio/sd-transforms, and the shadcn CLI for project initialization. These are reputable industry standards.
- [COMMAND_EXECUTION]: Example commands are provided for user guidance, such as project initialization and token build scripts. These examples use official registries and established tools.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process .tokens.json files. While processing external data is an attack surface, the risk is minimal as the skill adheres to the strictly structured W3C Design Token JSON schema. Evidence: 1. Ingestion points: tokens/**/*.tokens.json (SKILL.md). 2. Boundary markers: None explicit. 3. Capability inventory: File writing via Style Dictionary (references/style-dictionary-config.md). 4. Sanitization: Contrast ratio validation logic (rules/tokens-contrast-enforcement.md).
Audit Metadata