design
Warn
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of external code from an unverified third-party author through the use of the
npxpackage runner. - Evidence: Found in
SKILL.mdandreferences/design-reference.md, recommending the commandnpx getdesign@latest add <brand>. - Context: This command downloads and executes the
getdesignpackage from the NPM registry to retrieve design tokens. Although the instructions mandate explicit user approval before execution, it introduces a dependency on code from an unverified source (VoltAgent). - [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to inspect the local filesystem and interact with project files.
- Evidence:
SKILL.mddirects the agent to "grep for the component name or class" and "read the actual file" to identify UI logic and styles. - [EXTERNAL_DOWNLOADS]: The skill triggers network requests to fetch external configuration data.
- Evidence: The brand preset functionality retrieves files from the
VoltAgent/awesome-design-mdrepository on GitHub. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted external content.
- Ingestion points: The agent ingests user-provided screenshots and source code files from local repositories as described in the "Screenshot Iteration Mode" and "Source repo as reference" sections of
SKILL.md. - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following instructions embedded within the source code or screenshots being analyzed.
- Capability inventory: The agent possesses the capability to read any file in the workspace, use search tools (
grep), and execute shell commands likenpx(subject to user confirmation). - Sanitization: No sanitization or validation of the content within processed files or images is mentioned in the skill instructions.
Audit Metadata