diagram-design-editorial
Fail
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions direct users to clone a repository from an unverified GitHub account (github.com/cathrynlavery/diagram-design). Since the skill is loaded and executed from this untrusted third-party source, it constitutes a high-risk supply chain vector.
- [COMMAND_EXECUTION]: The documentation requires users to execute several shell commands, including git clone, ln -s (for symlinking) and open (for viewing local assets), which involves direct interaction with the host system.
- [PROMPT_INJECTION]: The brand onboarding feature fetches HTML from an arbitrary URL supplied by the user to extract style tokens, creating a surface for indirect prompt injection. Ingestion points: website content fetched via the onboard command. Boundary markers: no explicit delimiters or instructions to ignore embedded instructions are present in the processing logic. Capability inventory: the agent can fetch external URLs and write tokens to local files (references/style-guide.md). Sanitization: no sanitization or validation of the external HTML content is specified before the agent processes it for styling information.
- [SAFE]: The skill references font delivery from fonts.bunny.net, which is a well-known and recognized service for typography resources.
Recommendations
- AI detected serious security threats
Audit Metadata