Skills
skills/tdimino/claude-code-minoan/paper-design/Gen Agent Trust Hub

paper-design

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes scripts for local environment configuration and diagnostics. \n
  • scripts/setup.sh executes claude mcp add to register the local MCP endpoint.\n
  • scripts/health-check.py uses subprocess.run to call pgrep and claude mcp list to verify the application status and registration.\n- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection through ingested design content.\n
  • Ingestion points: Untrusted design data (HTML, JSX, text) enters the context via tools such as get_node_info, get_jsx, and get_tree_summary as documented in SKILL.md and references/tool-reference.md.\n
  • Boundary markers: No delimiters or instructions are used to distinguish design content from system instructions or to ignore embedded commands.\n
  • Capability inventory: The skill possesses the capability to modify design state via write_html and update_styles, and it includes scripts capable of system command execution.\n
  • Sanitization: There is no evidence of content sanitization or validation for the data retrieved from the design artboards.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 07:48 PM