cx-design
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands and vendor-provided scripts to manage the development environment and process documentation.
  - Evidence: Uses `git rev-parse --show-toplevel` to determine the project root directory.
  - Evidence: Executes `bash ${CLAUDE_PLUGIN_ROOT}/scripts/cx-worktree.sh` to perform worktree status checks.
  - Evidence: Executes `bash ${CLAUDE_PLUGIN_ROOT}/scripts/cx-workflow-design.sh` to finalize the design document through a shared runner.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through its document processing functions.
  - Ingestion points: Reads untrusted requirement data from `需求.md` (PRD file) in Step 1.
  - Boundary markers: Absent. The instructions do not define specific delimiters or warnings to ignore instructions embedded within the PRD.
  - Capability inventory: Performs local file system reads/writes and executes shell scripts via `bash`.
  - Sanitization: Absent. No explicit content validation or filtering of the input file content is implemented.