design-generator

Warn

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill relies on npx musubix across its primary workflows. This command downloads and executes a package from the public npm registry at runtime. Because the package is not version-pinned and the source is not a recognized trusted vendor, this introduces a risk of supply chain compromise where the executed logic could be changed without notice.
  • [EXTERNAL_DOWNLOADS]: The skill initiates downloads from the npm registry during execution to fetch the required CLI tools. While the registry itself is a well-known service, the packages being fetched are not verified dependencies.
  • [COMMAND_EXECUTION]: All provided shell scripts (generate.sh, c4.sh, verify.sh, decision.sh) pass command-line arguments directly to the underlying tool using the "$@" pattern. This can lead to argument injection if user-provided input is passed to these scripts without prior validation.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes requirement documents. 1. Ingestion points: Requirement files located in storage/specs/REQ-*.md. 2. Boundary markers: Absent; there are no instructions to the agent to ignore instructions embedded within these data files. 3. Capability inventory: The skill can execute shell commands via scripts in the scripts/ directory. 4. Sanitization: There is no evidence of sanitization or content validation for the requirements data before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 24, 2026, 02:36 AM
Security Audit — agent-trust-hub — design-generator