Skills
skills/bitjaru/styleseed/ss-setup/Gen Agent Trust Hub

ss-setup

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches design specifications from the VoltAgent/awesome-design-md repository on GitHub. This is used to extract color palettes for the theme configuration. As this targets a well-known service (GitHub) and is used for its primary purpose of retrieving design metadata, it is considered a legitimate operation.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted markdown data from an external repository (DESIGN.md) that is subsequently processed by the agent.
  • Ingestion points: Remote DESIGN.md files fetched via WebFetch in Step 3.
  • Boundary markers: Absent; the agent is instructed to read and extract data without explicit delimiters or safety instructions regarding embedded content.
  • Capability inventory: The skill has access to Write, Edit, and Bash tools as defined in the frontmatter.
  • Sanitization: No specific sanitization or validation of the remote content is mentioned beyond extracting color-related data.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool and suggests standard development lifecycle commands such as npm run dev. These are contextually appropriate for a project setup wizard.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 07:43 AM