design-inspiration
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a shell command via `bun run` to process design data into an external gallery backend.
  - Evidence: `bun run ~/.agents/skills/laniameda-gallery-ingest/scripts/ingest.ts '<payload-json>'` in SKILL.md.
- [REMOTE_CODE_EXECUTION]: The skill relies on and executes a TypeScript script sourced from an external repository.
  - Evidence: Usage of `ingest.ts`, located in a separately installed skill directory.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing a dependency from a specific GitHub repository.
  - Evidence: `bunx skills add https://github.com/laniamedaHQ/laniameda-gallery/tree/main/skills/laniameda-gallery-ingest` in SKILL.md.
- [DATA_EXFILTRATION]: Transfers design metadata, URLs, and image paths to the `laniameda.gallery` service.
  - Evidence: The ingest workflow is configured to send data to the `CONVEX_URL` backend.
- [CREDENTIALS_UNSAFE]: Contains a hardcoded user identifier used for identifying the gallery owner.
  - Evidence: `KB_OWNER_USER_ID=278674008` in SKILL.md.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted files in the references directory.
  - Ingestion points: Reads all image and markdown files in `/mnt/skills/user/design-inspiration/references/` (SKILL.md).
  - Boundary markers: Absent. There are no instructions for the agent to distinguish between design constraints and malicious instructions within these files.
  - Capability inventory: Shell command execution (`bun run`), file listing (`ls`), and file reading (`view`).
  - Sanitization: Absent. The agent is directed to "internalize" the content and apply it directly to code generation tasks.
Audit Metadata