audit-frontend-design
Warn
Audited by Gen Agent Trust Hub on Jul 15, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npx -y @memi-design/cli@2.5.0to download and execute code from the public npm registry. While the version is specifically pinned, this represents the execution of third-party remote code at runtime. - [COMMAND_EXECUTION]: The instructions direct the agent to execute shell commands using the
npxutility. The workflow includes a command patternnpx ... craft audit . --screenshot <path>where<path>is intended to be supplied by the user. Interpolating user-controlled data directly into a shell command without sanitization creates a risk of command injection.
Audit Metadata