design-md-validator
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The bundled script
scripts/validate_design_md.mjsexecutes shell commands using Node.jsspawnSync. It specifically runs thenpxcommand to interface with the@google/design.mdCLI tool. - [EXTERNAL_DOWNLOADS]: The skill uses
npxto download and run the@google/design.mdpackage from the NPM registry. This package is maintained by a trusted organization. - [REMOTE_CODE_EXECUTION]: The skill executes remote code by pulling the linting tool from a public registry at runtime. This is standard behavior for the tool's intended purpose.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests and interprets findings from untrusted
DESIGN.mdfiles. - Ingestion points: File content from
DESIGN.mdis read by the agent and processed by the validation script. - Boundary markers: The skill does not define specific delimiters or warnings to ignore instructions that might be embedded within the files being validated.
- Capability inventory: The agent can execute a local script which has the ability to run subprocesses.
- Sanitization: The validation script passes file paths to
spawnSyncas an array of arguments, which prevents common shell-based command injection attacks.
Audit Metadata