awesome-design-skills-registry
Warn
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches design configuration and instruction files from the typeui.sh registry and related GitHub repositories using the CLI.
- [REMOTE_CODE_EXECUTION]: Recommends the use of npx typeui.sh to dynamically download and execute the CLI tool from a remote registry during usage.
- [COMMAND_EXECUTION]: Explicitly suggests running npx with sudo (sudo npx typeui.sh pull) and using sudo chown for troubleshooting, which presents a significant privilege escalation risk.
- [PROMPT_INJECTION]: Establishes an indirect prompt injection surface by directing AI agents to reference and follow instructions from externally sourced SKILL.md files.
  1. Ingestion points: design-skills/*/SKILL.md files populated from remote sources.
  2. Boundary markers: Absent; agents are told to use these files as strict guidelines for generation.
  3. Capability inventory: npx, npm, and open (subprocess calls) are available in the skill environment.
  4. Sanitization: No validation is performed on the content of the downloaded instructions before the agent processes them.