design
Warn
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to offer or execute
npx getdesign@latest add <brand>to retrieve design presets from theVoltAgent/awesome-design-mdrepository. Executing unversioned code from an untrusted third-party source poses a supply chain risk, although the skill includes a mitigation requiring explicit user approval before execution.\n- [COMMAND_EXECUTION]: The skill uses shell commands likegrepto find specific component names or classes within the local file system. This capability allows the agent to interact directly with the host environment's shell.\n- [DATA_EXFILTRATION]: The skill is designed to read and analyze local source files (e.g.,theme.ts,colors.ts,tokens.css) and process user-provided screenshots. While these operations are necessary for design analysis, they involve accessing sensitive project data that could potentially be exposed if the agent is compromised.\n- [PROMPT_INJECTION]: The skill processes untrusted external data, creating an attack surface for indirect prompt injection.\n - Ingestion points: Reads local source code files and processes user-supplied screenshots/images in 'Screenshot Iteration Mode' (file:
SKILL.md).\n - Boundary markers: Absent. The instructions do not specify any delimiters or warnings to ignore instructions embedded within the processed code or image metadata.\n
- Capability inventory: The agent can execute shell commands (
grep), run remote Node.js packages (npx), and modify local source files (file:SKILL.md,references/design-reference.md).\n - Sanitization: Absent. No validation or sanitization steps are defined for the data ingested from the external repository or screenshots.
Audit Metadata