skills/popmechanic/vibes-cli/design/Gen Agent Trust Hub

design

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Finding tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a local build script (assemble.js) via the bun runtime. The path to the script is derived from environment variables (CLAUDE_PLUGIN_ROOT or CLAUDE_SKILL_DIR), which is a standard pattern for local development tools to locate their internal dependencies.
  • [PROMPT_INJECTION]: The skill processes external, potentially untrusted HTML content (design.html) to generate code. This creates a surface for indirect prompt injection, where malicious instructions could be embedded in the HTML to influence the agent's output.
  • Ingestion points: Reads the content of design.html to perform the transformation.
  • Boundary markers: The skill instructs the agent to treat the input as "source code to transform" rather than "inspiration to interpret," which provides a logical boundary, though no technical delimiters are used during the read operation.
  • Capability inventory: The agent has access to Read, Write, and Bash tools, which could be misused if the transformation process is compromised.
  • Sanitization: There is no explicit sanitization of the input HTML; however, the structured transformation rules (e.g., changing class to className) mitigate some risk by forcing a specific code structure.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 07:24 PM
Security Audit — agent-trust-hub — design