extract-design-system

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a Python script scripts/run.py that is used to call the external AI Skills service.
  • [EXTERNAL_DOWNLOADS]: The execution script initiates network connections to https://ai-skills.ai to send parameters and retrieve results.
  • [DATA_EXFILTRATION]: User-supplied data, including design descriptions and remote URLs, are sent to the vendor's API at ai-skills.ai for processing.
  • [PROMPT_INJECTION]: The skill processes data from untrusted sources (external URLs and user-pasted text), creating a potential surface for indirect prompt injection.
  • Ingestion points: Parameters materialUrl, materialFile, and materialText in scripts/run.py.
  • Boundary markers: No explicit delimiters or warnings to ignore embedded instructions were found in the skill logic.
  • Capability inventory: The skill uses urllib in scripts/run.py to make network requests to the vendor API.
  • Sanitization: The script performs JSON encoding of inputs but does not implement specific sanitization or validation of the content of external materials.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:31 AM
Security Audit — agent-trust-hub — extract-design-system