@1892/starchild-design-pack

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Potential path traversal vulnerability in the file persistence logic.
  • The persist_design_system function in scripts/design_system.py uses the project_name parameter to construct a directory path without sanitizing directory traversal characters (e.g., ../).
  • This allows the script to create directories and write markdown files outside the intended design-system/ folder if a malicious project name is provided.
  • This logic is reachable via the CLI tool in scripts/search.py when using the --persist flag.
  • [EXTERNAL_DOWNLOADS]: Reference to external guidelines from a trusted source.
  • The file references/web-interface-guidelines-source.md points to an official Vercel Labs repository for fetching rules.
  • This reference targets a well-known and trusted organization and is documented neutrally without escalating the verdict.
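To make the path traversal finding concrete, here is an added example (not code from the package or from scripts/design_system.py) that reproduces the unsafe pattern described above beside a hardened version. The function names persist_unsafe, persist_safe, safe_project_dir and is_valid_project_name, the markdown file name design-system.md, and the malicious project name ../outside are all assumptions made for illustration; the base directory is a temporary directory created by the demo.

```python
import re
import tempfile
from pathlib import Path

# Constructed stand-in for a persist step: write one markdown file under
# <base_dir>/design-system/<project_name>/. Not the package's real code.
MARKDOWN_NAME = "design-system.md"          # assumed file name
PROJECT_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def design_system_root(base_dir: str) -> Path:
    """The directory every persisted file must stay under."""
    return (Path(base_dir) / "design-system").resolve()


def persist_unsafe(base_dir: str, project_name: str, content: str) -> Path:
    """Vulnerable pattern: project_name is joined into the path unsanitized,
    so '../' segments walk out of design-system/ before mkdir and write."""
    target_dir = Path(base_dir) / "design-system" / project_name
    target_dir.mkdir(parents=True, exist_ok=True)
    out = target_dir / MARKDOWN_NAME
    out.write_text(content, encoding="utf-8")
    return out.resolve()


def is_valid_project_name(project_name: str) -> bool:
    """Allow-list: one path segment of safe characters, no separators,
    no leading dot (which also excludes '.' and '..')."""
    return PROJECT_NAME_RE.fullmatch(project_name) is not None


def safe_project_dir(base_dir: str, project_name: str) -> Path:
    """Validate the name, then confirm the resolved target is still inside
    the root (defence in depth against symlinks or a future regex change)."""
    if not is_valid_project_name(project_name):
        raise ValueError(f"invalid project name: {project_name!r}")
    root = design_system_root(base_dir)
    target = (root / project_name).resolve()
    if root not in target.parents:
        raise ValueError(f"project path escapes {root}: {target}")
    return target


def persist_safe(base_dir: str, project_name: str, content: str) -> Path:
    """Hardened persist: same behaviour for honest names, rejects traversal."""
    target_dir = safe_project_dir(base_dir, project_name)
    target_dir.mkdir(parents=True, exist_ok=True)
    out = target_dir / MARKDOWN_NAME
    out.write_text(content, encoding="utf-8")
    return out.resolve()


def escapes_root(base_dir: str, written: Path) -> bool:
    """True if a written file landed outside <base_dir>/design-system/."""
    root = design_system_root(base_dir)
    return root != written and root not in written.parents


def demo() -> dict:
    """Run both variants on a constructed malicious name inside a temp dir.
    base_dir is one level below the temp dir so the escaped write still
    lands inside the temp dir and is cleaned up afterwards."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base_dir = str(Path(tmp) / "workspace")
        evil_name = "../outside"            # constructed malicious input
        written = persist_unsafe(base_dir, evil_name, "# escaped\n")
        results["unsafe_escaped"] = escapes_root(base_dir, written)
        try:
            persist_safe(base_dir, evil_name, "# escaped\n")
            results["safe_rejected"] = False
        except ValueError:
            results["safe_rejected"] = True
        good = persist_safe(base_dir, "starchild", "# ok\n")
        results["safe_ok"] = (not escapes_root(base_dir, good)
                              and good.name == MARKDOWN_NAME)
    return results


if __name__ == "__main__":
    print(demo())
```

The allow-list on the name is the primary control; the resolved-path check after it is there so that a later relaxation of the regex, or a symlink placed under design-system/, still cannot redirect the write. The same validation would need to run on the value passed through the --persist flag in scripts/search.py, since that is the reachable entry point named in the finding.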
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 12:49 PM
Security Audit — agent-trust-hub — @1892/starchild-design-pack