apple-hig-designer
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script 'scripts/generate_ios_component.sh' uses the 'eval' command to process user-provided input in the 'prompt_input' and 'prompt_select' functions. This constitutes a command injection vulnerability where a malicious string containing shell metacharacters could execute arbitrary code on the host system.
- Evidence: eval "$var_name='$input'" on line 50 and eval "$var_name='$opt'" on line 68.
- [COMMAND_EXECUTION]: The script 'scripts/generate_ios_component.sh' performs multiple file modifications using 'sed -i' with unsanitized variables. This allows for arbitrary file content manipulation or potential command execution through crafted 'sed' patterns.
- Evidence: Usage of '$COMPONENT_NAME' and '$FEATURES' in 'sed' commands within 'generate_swiftui_component' and 'generate_uikit_component' functions.
- [PROMPT_INJECTION]: Indirect Prompt Injection surface detected in design audit and validation scripts. These tools ingest external code files and use them in shell operations without proper boundary markers or sanitization, which could lead to manipulation of agent outputs or exploitation of script logic.
- Ingestion points: 'scripts/audit_accessibility.sh' and 'scripts/validate_design.sh' take file or directory paths as arguments.
- Boundary markers: Absent; the scripts directly grep through file contents.
- Capability inventory: Local file reading via 'grep', file discovery via 'find', and output generation to the agent.
- Sanitization: Absent; file paths and contents are used directly in shell commands without escaping.
Audit Metadata