design-lab
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the user to run their project's development server (e.g., `pnpm dev`, `npm run dev`) to view the generated design variations. While the agent does not execute these commands directly, it relies on their execution to provide the preview functionality.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection during the feedback synthesis phase. The agent processes and acts upon unstructured text pasted by the user from an external browser-based overlay. If this overlay content were compromised, or if a user were tricked into pasting malicious instructions, the agent could be manipulated during the code generation or file cleanup phases.
  - Ingestion points: User-pasted feedback block in Phase 5 (Manual or Interactive Feedback).
  - Boundary markers: The instructions lack explicit boundary markers or 'ignore' directives to separate user-provided feedback from the agent's core instructions.
  - Capability inventory: The skill possesses significant capabilities, including reading project configuration files, writing React/framework code to the filesystem, and recursively deleting directories (`.claude-design/`).
  - Sanitization: No sanitization or validation logic is defined for the pasted feedback before it is used to guide the 'Synthesize New Variant' (Phase 6) or 'Finalize' (Phase 8) operations.
Audit Metadata