extract-design-system
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a Python script
scripts/run.pythat is used to call the external AI Skills service. - [EXTERNAL_DOWNLOADS]: The execution script initiates network connections to
https://ai-skills.aito send parameters and retrieve results. - [DATA_EXFILTRATION]: User-supplied data, including design descriptions and remote URLs, are sent to the vendor's API at
ai-skills.aifor processing. - [PROMPT_INJECTION]: The skill processes data from untrusted sources (external URLs and user-pasted text), creating a potential surface for indirect prompt injection.
- Ingestion points: Parameters
materialUrl,materialFile, andmaterialTextinscripts/run.py. - Boundary markers: No explicit delimiters or warnings to ignore embedded instructions were found in the skill logic.
- Capability inventory: The skill uses
urllibinscripts/run.pyto make network requests to the vendor API. - Sanitization: The script performs JSON encoding of inputs but does not implement specific sanitization or validation of the content of external materials.
Audit Metadata