oma-design

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUM

Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill is configured to fetch design templates from the community-maintained getdesign catalog. This process involves multiple network operations to registry.npmjs.org and getdesign.md to retrieve manifests and template files.
  • [REMOTE_CODE_EXECUTION]: The execution protocol utilizes bunx getdesign@latest to download and run a third-party command-line tool at runtime. This operation is unpinned, meaning it executes the most recent version of the community package without a specific version lock.
  • [COMMAND_EXECUTION]: The resources/getdesign-fetcher.md component defines automated shell pipelines using curl, python3, and tar to parse npm registry metadata and extract template data into the agent's context.
  • [PROMPT_INJECTION]: As the skill ingests external Markdown content from the getdesign catalog, it implements a security boundary. It specifically instructs the agent to treat the fetched content as 'REFERENCE DATA ONLY' and to ignore any imperative instructions or role assignments found within the external files to prevent indirect prompt injection.
  • [SAFE]: Integration with Google Stitch MCP is described as a trusted extension, utilizing official Google API endpoints and standard authentication practices.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 9, 2026, 02:17 PM