Webdesign
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various system commands and third-party CLIs including
interceptor,unzip,git,patch, and deployment tools (wrangler,vercel,netlify,gh) to perform its core orchestration and automation tasks. - [EXTERNAL_DOWNLOADS]: The skill facilitates the download of 'handoff bundles' (ZIP files) from the
claude.aidomain, which are then extracted locally for processing. This is a standard part of the Claude Design workflow. - [SAFE]: The skill implements defensive security measures, specifically an automated grep-based scan for hardcoded secrets (API keys, private keys, tokens) before code is built and deployed to production hosts.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests data from arbitrary live URLs (in the redesign workflow) and local codebases. This data is incorporated into prompts sent to the vision model. This risk is inherent to the skill's primary purpose and is managed by the model's underlying safety guardrails.
- Ingestion points:
Workflows/WebsiteToRedesign.md(live URL capture),Workflows/ExtractDesignSystem.md(codebase analysis). - Boundary markers: Prompts utilize structured sections (e.g., PURPOSE, AESTHETIC, CONSTRAINTS) but do not explicitly use 'ignore previous instructions' style delimiters.
- Capability inventory:
Bun.spawn(inTools/),patch,git,unzip, and various deployment CLIs. - Sanitization: None explicitly documented for external HTML/code content.
Audit Metadata