interface-design-system

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides installation instructions that require downloading code from a non-whitelisted GitHub repository.
    • Evidence: `git clone https://github.com/Dammyjay93/interface-design.git` in the Manual Method section.
  • [COMMAND_EXECUTION]: The installation process involves copying files into sensitive agent configuration and plugin directories, which could allow arbitrary code execution or persistence if the downloaded content is malicious.
    • Evidence: `cp -r .claude/* ~/.claude/` and `cp -r .claude-plugin/* ~/.claude-plugin/` in the Manual Method section.
  • [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by reading and processing instructions from an external data file that could be modified by third parties or other processes.
    • Ingestion points: Reads design patterns and tokens from `.interface-design/system.md` (SKILL.md).
    • Boundary markers: Not implemented; the agent is instructed to treat the file content as an "Active System" configuration.
    • Capability inventory: The skill performs file system writes (`/interface-design:extract`) and uses custom agent commands (`/interface-design:*`).
    • Sanitization: No validation or sanitization of the `.interface-design/system.md` content is described before interpolation into the agent's context.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 16, 2026, 10:47 PM