claude-design-handoff-reader
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions describe the use of the
unziputility to process ZIP archives provided as input. - [EXTERNAL_DOWNLOADS]: The skill mentions processing bundles from URLs, including the vendor-related domain
cowork.mo.ai.kr. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted external content (e.g., README.md, chat-history.md) without explicit boundary markers or instructions for the agent to ignore embedded commands.
- Ingestion points: Local file paths (ZIP or directory) and user-provided URLs.
- Boundary markers: None specified in the workflow instructions.
- Capability inventory: File system read access, ZIP extraction via shell command.
- Sanitization: No validation or sanitization of text content before analysis is mentioned.
Audit Metadata