design-html
Fail
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The preamble uses complex shell logic, including 'eval' and 'source' commands to execute output from local vendor binaries for environment setup and configuration.
- [EXTERNAL_DOWNLOADS]: The skill contains logic to download the Bun runtime installer from 'https://bun.sh/install' as a progressive enhancement if the environment is not prepared.
- [REMOTE_CODE_EXECUTION]: Downloaded scripts are executed via bash. This risk is mitigated by mandatory SHA-256 checksum verification and the use of a well-known service domain for the source.
- [DATA_EXFILTRATION]: The skill supports opt-in telemetry and a 'GBrain Sync' feature that can transmit session metadata and artifacts to a private remote repository. Both require explicit user consent via interaction with the 'AskUserQuestion' tool.
- [PROMPT_INJECTION]: Instructions include directives to treat the skill file as executable commands and prioritize skill-specific logic over standard agent behaviors.
- [PROMPT_INJECTION]: The skill is susceptible to indirect injection as it processes untrusted external data.
  - Ingestion points: User-provided descriptions and design mockups read via the 'Read' tool.
  - Boundary markers: The workflow utilizes structured phases such as 'Implementation spec' and 'Design Analysis' to separate input processing from code generation.
  - Capability inventory: Extensive capabilities including 'Bash', 'Write', and 'Edit' tools are available to the skill to manipulate the local filesystem and execute commands.
  - Sanitization: No explicit sanitization or escaping of external content is defined before interpolation into prompts.
Recommendations
- HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
Audit Metadata