skills/tw93/waza/design/Gen Agent Trust Hub

design

Warn

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of external code from an unverified third-party author through the use of the npx package runner.
  • Evidence: Found in SKILL.md and references/design-reference.md, recommending the command npx getdesign@latest add <brand>.
  • Context: This command downloads and executes the getdesign package from the NPM registry to retrieve design tokens. Although the instructions mandate explicit user approval before execution, it introduces a dependency on code from an unverified source (VoltAgent).
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to inspect the local filesystem and interact with project files.
  • Evidence: SKILL.md directs the agent to "grep for the component name or class" and "read the actual file" to identify UI logic and styles.
  • [EXTERNAL_DOWNLOADS]: The skill triggers network requests to fetch external configuration data.
  • Evidence: The brand preset functionality retrieves files from the VoltAgent/awesome-design-md repository on GitHub.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted external content.
  • Ingestion points: The agent ingests user-provided screenshots and source code files from local repositories as described in the "Screenshot Iteration Mode" and "Source repo as reference" sections of SKILL.md.
  • Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following instructions embedded within the source code or screenshots being analyzed.
  • Capability inventory: The agent possesses the capability to read any file in the workspace, use search tools (grep), and execute shell commands like npx (subject to user confirmation).
  • Sanitization: No sanitization or validation of the content within processed files or images is mentioned in the skill instructions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 28, 2026, 05:26 PM