designlang-design-extract
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation relies on executing the 'designlang' CLI tool via 'npx' and suggests global installation via 'npm install -g'. These operations execute third-party code from the npm registry with access to the user's environment.\n- [EXTERNAL_DOWNLOADS]: The skill triggers the download of the 'designlang' package from the npm registry and references a third-party GitHub repository ('Manavarya09/design-extract') for skill installation.\n- [CREDENTIALS_UNSAFE]: The documentation provides explicit examples for passing sensitive data, such as session cookies, API keys, and bearer tokens, directly as command-line arguments using the '--cookie' and '--header' flags. This can lead to credential exposure in process lists and shell history.\n- [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by design.\n
- Ingestion points: Data is crawled from external websites and saved into 'AI-optimized markdown' files (e.g., '*-design-language.md') for agent consumption.\n
- Boundary markers: Absent; there are no instructions or delimiters to isolate the untrusted external content from the agent's instructions.\n
- Capability inventory: The skill has remote code execution ('npx') and extensive file-system write capabilities.\n
- Sanitization: There is no evidence of sanitization to remove malicious instructions embedded in crawled content before it is presented to the LLM.
Audit Metadata