design
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references and downloads design presets from the 'VoltAgent/awesome-design-md' GitHub repository using the 'npx getdesign' command.
- [REMOTE_CODE_EXECUTION]: The instruction set explicitly includes the command 'npx getdesign@latest add <brand>', which downloads and executes code from the npm registry. The skill mitigates this risk by instructing the agent never to auto-run the command and to proceed only with explicit user approval.
- [COMMAND_EXECUTION]: The agent is instructed to use 'grep' to search the local file system for component names or classes, to ensure design changes are applied to the correct files.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) because it reads and processes external data, including user-provided screenshots and existing source code files (e.g., 'theme.ts', 'colors.ts', 'tokens.css').
  - Ingestion points: Reads local theme files, global stylesheets, and user-pasted source code to extract design tokens.
  - Boundary markers: None explicitly defined for project source code analysis; however, the agent is instructed to lift only exact values such as hex codes and font stacks.
  - Capability inventory: Uses 'grep' for file searching and 'npx' for remote preset fetching (requires approval).
  - Sanitization: No specific sanitization or filtering of the ingested source code content is mentioned.
Audit Metadata