designer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The script scripts/remove_background.py performs a local installation of rembg, onnxruntime, and pillow using pip install --target if they are not present. While these are legitimate packages, runtime installation is a potential attack vector.
- EXTERNAL_DOWNLOADS (LOW): The references/review.md file directs the agent to fetch UI auditing guidelines from https://raw.githubusercontent.com/vercel-labs/web-interface-guidelines/main/command.md. Per the [TRUST-SCOPE-RULE], this is classified as LOW severity because vercel-labs is a trusted organization.
- COMMAND_EXECUTION (LOW): The skill executes python3 .agent/skills/designer/scripts/remove_background.py to process images and uses subprocess.check_call within that script to manage local dependencies.
- DYNAMIC_EXECUTION (LOW): The remove_background.py script dynamically modifies sys.path and uses importlib.invalidate_caches() to integrate the locally installed libraries into the runtime environment.
- INDIRECT_PROMPT_INJECTION (LOW): The skill possesses a vulnerability surface for indirect prompt injection.
  - Ingestion points: references/review.md instructs the agent to retrieve external guidelines via read_url_content.
  - Boundary markers: Absent; the fetched content is treated as authoritative instructions for the auditing task.
  - Capability inventory: The skill can execute subprocesses, write files, and use the generate_image tool.
  - Sanitization: No sanitization or validation of the fetched URL content is performed before processing.
Audit Metadata