design-md
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses
npxto fetch and execute external packages from the NPM registry. It callsnpx getdesign@latestto fetch brand-specific design systems andnpx @google/design.mdto perform linting and token export. While the Google package is from a trusted organization, the getdesign package is an unvetted third-party utility. - [EXTERNAL_DOWNLOADS]: The skill downloads design documentation files from remote sources using the
getdesignutility. This is a primary feature used to populate the local design library. - [COMMAND_EXECUTION]: The skill runs local shell and Python scripts for operational tasks. Specifically,
fetch_all_design_md.shmanages the fetching of library assets, andgenerate_design_md.pyprocesses local project files to extract CSS tokens. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted CSS data from the project environment to generate design documentation.
- Ingestion points: The
generate_design_md.pyscript reads any CSS files found within the project path provided by the user. - Boundary markers: The resulting
DESIGN.mdfile does not utilize specific boundary markers or instructions to isolate the extracted tokens from the agent's reasoning context. - Capability inventory: The skill can execute shell scripts, run Python logic, and initiate network requests via NPM tools.
- Sanitization: The Python script applies regular expressions to extract specific property patterns (like hex colors or font families), which provides implicit filtering of the ingested content.
Audit Metadata