claude-design-handoff-reader

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions describe the use of the unzip utility to process ZIP archives provided as input.
  • [EXTERNAL_DOWNLOADS]: The skill mentions processing bundles from URLs, including the vendor-related domain cowork.mo.ai.kr.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted external content (e.g., README.md, chat-history.md) without explicit boundary markers or instructions for the agent to ignore embedded commands.
  • Ingestion points: Local file paths (ZIP or directory) and user-provided URLs.
  • Boundary markers: None specified in the workflow instructions.
  • Capability inventory: File system read access, ZIP extraction via shell command.
  • Sanitization: No validation or sanitization of text content before analysis is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 06:27 AM
Security Audit — agent-trust-hub — claude-design-handoff-reader