design-spec-extraction

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The execution instructions for the skill use unvalidated input in a shell command: 'mkdir -p .tmp-design-specs/{project-name}'. This allows an attacker to execute arbitrary commands by crafting a malicious project name.
  • [COMMAND_EXECUTION]: The skill uses the 'Write' and 'Read' tools with file paths containing the '{project}' variable, such as '.tmp-design-specs/{project}/pass-1-layout.json'. The lack of validation for this variable enables directory traversal and unauthorized file system access.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from text contained within the analyzed screenshots. The prompts for subtask agents (Passes 1-6) do not include instructions to treat text within the 'attached image' as untrusted or to ignore embedded commands.
  • [PROMPT_INJECTION]: Ingestion points: 'attached image' in Pass 1-6 agent prompts within SKILL.md.
  • [PROMPT_INJECTION]: Boundary markers: Absent.
  • [PROMPT_INJECTION]: Capability inventory: 'Write', 'Read', shell command execution, and 'teams' delegation.
  • [PROMPT_INJECTION]: Sanitization: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 18, 2026, 01:53 AM