audit-frontend-design

Warn

Audited by Gen Agent Trust Hub on Jul 15, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx -y @memi-design/cli@2.5.0 to download and execute code from the public npm registry. While the version is specifically pinned, this represents the execution of third-party remote code at runtime.
  • [COMMAND_EXECUTION]: The instructions direct the agent to execute shell commands using the npx utility. The workflow includes a command pattern npx ... craft audit . --screenshot <path> where <path> is intended to be supplied by the user. Interpolating user-controlled data directly into a shell command without sanitization creates a risk of command injection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 15, 2026, 05:12 PM