design
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to run `npx getdesign@latest add <brand>`, which downloads and executes a package from the npm registry. While the instructions require explicit user approval and forbid automatic execution, this pattern allows for the execution of remote code from an unverified third-party source.
- [COMMAND_EXECUTION]: The agent is instructed to use shell commands like `grep` to scan the local repository for component names and class definitions to extract design information.
- [EXTERNAL_DOWNLOADS]: The skill references multiple external GitHub repositories as sources for its design rules, benchmarks, and brand presets, including `VoltAgent/awesome-design-md`, `pbakaus/impeccable`, and `Leonxlnx/taste-skill`. These are not from verified or trusted organizations.
- [PROMPT_INJECTION]: The skill's workflow involves processing untrusted data from user-provided screenshots and existing repository source code, creating a surface for indirect prompt injection.
- Ingestion points: User-uploaded images (screenshots) and local source files (e.g., `theme.ts`, `colors.ts`).
- Boundary markers: Absent. There are no instructions provided to the agent to differentiate between legitimate design information and malicious directives potentially embedded in the processed data.
- Capability inventory: The agent has the ability to read local files, execute shell commands (`grep`), and perform remote code execution via `npx`.
- Sanitization: Absent. The skill does not specify any validation or sanitization steps for data extracted from visual or code-based inputs before it is used to influence the agent's output.
Audit Metadata