use-design-system
Warn
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill incorporates the $0 argument directly into shell commands (e.g., test and cp) without input sanitization, which can lead to command injection if the environment does not properly escape the string. Additionally, the command 'test' used in Step 2 is not explicitly listed in the allowed-tools frontmatter.
- [DATA_EXFILTRATION]: A path traversal vulnerability exists via the $0 argument. An attacker could provide a path like '../../.ssh/' to trick the 'cp' command into copying sensitive files from the user's home directory into the project folder.
- [PROMPT_INJECTION]: Reading the tokens.json file introduces an indirect prompt injection surface.
  1. Ingestion points: ~/.claude/design-systems/$0/tokens.json in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Read, Write, Bash(ls, mkdir, cp).
  4. Sanitization: None identified.
Audit Metadata