design
Fail
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to run `npx getdesign@latest add <brand>`, which downloads and executes a package from the NPM registry. This constitutes remote code execution from an unverified source.
- [COMMAND_EXECUTION]: The skill uses shell commands, specifically `grep` for searching source code and `npx` for package execution, to perform its tasks.
- [EXTERNAL_DOWNLOADS]: The skill references and downloads content from external sources, including the `getdesign` NPM package and the `VoltAgent/awesome-design-md` GitHub repository.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external repositories and user screenshots.
  * Ingestion points: User-provided repository URLs, screenshots, and pasted source code (`SKILL.md`).
  * Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potential instructions within the external data.
  * Capability inventory: Access to shell commands (`grep`, `npx`) and the ability to read project files (`theme.ts`, `colors.ts`, etc.).
  * Sanitization: There is no evidence of sanitization or validation of the ingested external content.
Recommendations
- AI detected serious security threats
Audit Metadata