Skills
skills/aradotso/design-skills/cc-design-html-prototyping/Gen Agent Trust Hub

cc-design-html-prototyping

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The troubleshooting and installation sections suggest using sudo for installing system packages (apt install ffmpeg) and browser dependencies (sudo npx playwright install chromium).
  • [EXTERNAL_DOWNLOADS]: The skill fetches design system configurations and brand styles from an external domain (getdesign.md) during the 'Progressive Brand Loading' phase.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes external brand data which could contain malicious instructions.
  • Ingestion points: External brand guidelines are loaded from https://getdesign.md/brands/{brand-name}.md and processed into the design context.
  • Boundary markers: None identified in the instruction set to delimit external design tokens from agent instructions.
  • Capability inventory: The skill has the capability to write files to the .claude/ directory, execute shell commands for export (ffmpeg, playwright), and generate/render executable HTML/JavaScript prototypes.
  • Sanitization: There is no evidence of sanitization or validation of the content retrieved from the external brand library before it is incorporated into the design process.
  • [REMOTE_CODE_EXECUTION]: The generated HTML prototypes include remote scripts from unpkg.com (React, Babel). While these are from a well-known CDN, the skill's logic for fetching brand styles from getdesign.md represents a remote content fetch that influences agent behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 11:18 PM