graphicode-designer-common
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'which' command to locate static server binaries and executes them as background processes. It also performs automated 'git commit' operations.
- [EXTERNAL_DOWNLOADS]: It instructs the agent to suggest the installation of the 'local-web-server' package via NPM if no server is available.
- [DATA_EXFILTRATION]: By launching a web server at the project root, the skill creates a risk of exposing project files to the local network or shared hosting environments.
- [PROMPT_INJECTION]: The skill reads and parses untrusted HTML and TSX files to extract data for generating index pages and applying design changes. Ingestion points: Playground 'index.html' and scene files. Boundary markers: Absent; no delimiters are used to isolate untrusted content. Capability inventory: Full filesystem write access and shell command execution. Sanitization: No validation or escaping is performed on data extracted from external files before processing.
Audit Metadata