insane-design-build
Warn
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill dynamically generates and executes a Python script using a heredoc (`python3 - <<'PY'`) to perform screenshot verification via Playwright. This pattern of executing runtime-constructed scripts is a significant security risk.
- [COMMAND_EXECUTION]: The skill automatically executes platform-specific browser commands (`open`, `xdg-open`, `start`) to display generated HTML files. This behavior bypasses manual user review of the generated files before they are interpreted and executed by a web browser.
- [PROMPT_INJECTION]: The 'Identity' section employs 'Persona Lock-in' techniques, instructing the agent to ignore user requests for neutral options and to 'never hedge'. These instructions are designed to override the agent's default balanced decision-making behavior.
- [DATA_EXPOSURE]: The skill uses broad filesystem globbing (`Glob "${CLAUDE_PLUGIN_ROOT}/skills/insane-design/examples/*/design.md"`) to find configuration files. While restricted to the plugin directory, this pattern can be used to scan for and expose file structures.
Audit Metadata