claude-code-design-ai

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUM
Finding categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to clone a repository from an unverified personal GitHub account (mikesheehan54).
  • Evidence: git clone https://github.com/mikesheehan54/Claude-Code-Design-AI.git in SKILL.md.
  • [REMOTE_CODE_EXECUTION]: The installation process involves running npm install, which executes code from the downloaded repository and its dependencies.
  • Evidence: npm install following the git clone command in SKILL.md.
  • [COMMAND_EXECUTION]: The skill provides CLI commands for converting files and generating systems, which involve executing local scripts with user-supplied paths.
  • Evidence: npx claude-design convert ./design.png --output ./components in SKILL.md.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it processes untrusted external data.
  • Ingestion points: The skill accepts image URLs (imageUrl) and Figma file keys (fileKey) as input in SKILL.md.
  • Boundary markers: None identified; instructions do not specify delimiters or warnings to ignore embedded content in images or design files.
  • Capability inventory: The skill can perform network operations via the Anthropic and Figma APIs and write files to the local filesystem using ShadcnExporter.writeToFile.
  • Sanitization: No sanitization or validation of the input content (e.g., OCR text from screenshots) is documented before it is passed to the AI model.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 16, 2026, 04:49 PM
Security Audit — agent-trust-hub — claude-code-design-ai