Skills
skills/bitjaru/styleseed/ss-setup/Gen Agent Trust Hub

ss-setup

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through external data ingestion.
  • Ingestion points: The WebFetch tool is used in Step 3 to retrieve DESIGN.md files from a remote GitHub repository (github.com/VoltAgent/awesome-design-md).
  • Boundary markers: The instructions do not define boundary markers or include warnings for the agent to ignore embedded instructions within the fetched markdown content.
  • Capability inventory: Across its functions, the skill has access to Write, Edit, and Bash tools, which could be exploited if an attacker successfully injects instructions via a design file to perform unauthorized file modifications.
  • Sanitization: There is no specified sanitization or validation of the fetched markdown content before the agent parses it for design values.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves content from external sources to perform project configuration.
  • Unsanitized URL construction: In Step 3, the URL template https://raw.githubusercontent.com/VoltAgent/awesome-design-md/main/design-md/[brand]/DESIGN.md incorporates user-supplied input ([brand]) without validation. This could allow for path traversal (e.g., using ../../) to fetch files from other repositories on GitHub.
  • Well-known services: The skill fetches font assets from established providers including Google Fonts and JSDelivr, which is standard behavior for project setup.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 07:02 AM