design-system-generator

Fail

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The script scripts/match-trend.ts uses path traversal (../../../../) to read gallery-sources.json from a location outside the skill's own directory. This allows the script to access files in the host's filesystem that are not part of the skill package.
  • [COMMAND_EXECUTION]: The documentation instructs the user to run scripts via npx ts-node, which dynamically executes code and may download dependencies from external registries at runtime.
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection by processing untrusted user input.
    • Ingestion points: The script scripts/match-trend.ts ingests design descriptions directly from command-line arguments.
    • Boundary markers: There are no boundary markers or instructions used to prevent the agent from following instructions embedded within the user's design description.
    • Capability inventory: The script performs filesystem reads and generates structured output used for design trend matching.
    • Sanitization: No input validation or sanitization is performed on the user-provided description before it is processed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 5, 2026, 05:16 PM