design
Warn
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill recommends using
npx getdesign@latest add <brand>to fetch external design presets. This involves downloading and executing arbitrary code from the npm registry at runtime. While the instructions require the agent to seek user approval, the command still executes logic from an unverified third-party source. - [COMMAND_EXECUTION]: Shell commands including
grepandnpxare utilized with parameters (such as brand names, component names, or classes) derived from user input or external files. This creates a surface for command injection or path traversal if the agent fails to sanitize these inputs before execution. - [EXTERNAL_DOWNLOADS]: The skill refers to downloading configuration and design tokens from the
VoltAgent/awesome-design-mdrepository on GitHub. This is an external dependency on an unverified third-party source. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core workflow of processing external source code and screenshots without proper safety boundaries.
- Ingestion points: The skill reads user-provided screenshots and source code files (e.g.,
theme.ts,colors.ts,tokens.css) from repository URLs or direct pastes. - Boundary markers: Absent. There are no instructions to the agent to treat content from these external files as untrusted or to ignore any embedded instructions.
- Capability inventory: The skill possesses broad capabilities including shell command execution (
grep,npx), file read/write operations, and browser-based rendering/verification. - Sanitization: Absent. No content validation, escaping, or filtering is specified for the external data before it is processed or used to construct commands.
Audit Metadata