cc-design-html-prototyping

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads the skill source code and dependencies from standard sources. Clones the skill repository from GitHub (ZeroZ-lab/cc-design). Installs Node.js dependencies using npm install within the skill scripts directory. Downloads Chromium browser binaries via npx playwright install for automated testing. Fetches design system tokens from the vendor domain getdesign.md for brand style cloning. Loads frontend libraries (React, Babel, Tailwind CSS) from well-known CDNs including unpkg.com and cdn.tailwindcss.com.
  • [COMMAND_EXECUTION]: Executes local scripts and automated browser tasks as part of the design workflow. Runs local Node.js scripts (gen_pptx.js, open_for_print.js, super_inline_html.js) to process and export design artifacts. Utilizes the Playwright automation library to launch a browser, verify prototype rendering, and generate screenshots (preview.png).
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes external content.
      • Ingestion points: Reads code and design tokens from the local repository and the external getdesign.md service.
      • Boundary markers: Absent; the skill does not explicitly instruct the agent to ignore instructions embedded in the design tokens or repository files.
      • Capability inventory: Includes file system writes, network requests (via git, npm, and fetch), and command execution via node and playwright.
      • Sanitization: No explicit sanitization or validation of the fetched design tokens or repository content before interpolation into the design process.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 20, 2026, 03:14 AM