awesome-design-md
Warn
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions frequently use 'npx --yes getdesign@latest' to download and run code directly from the NPM registry. This enables the execution of remote code at runtime without prior verification of the package content.
- [EXTERNAL_DOWNLOADS]: The skill relies on external network requests to fetch the 'getdesign' package and various design templates from the VoltAgent ecosystem.
- [COMMAND_EXECUTION]: The workflow involves running shell commands to list templates, install design files, and verify filesystem state, which can be exploited if the inputs (like design slugs) are manipulated.
- [PROMPT_INJECTION]: The skill introduces a risk of indirect prompt injection by ingesting externally provided 'DESIGN.md' files and instructing the agent to treat them as a 'source of truth' for implementation decisions.
- Ingestion points: The 'DESIGN.md' file is written to the project's root directory via an external tool.
- Boundary markers: Absent. There are no delimiters or instructions to ignore potential commands embedded within the design file.
- Capability inventory: The agent possesses file system access, shell execution capabilities, and network access.
- Sanitization: The skill does not include any validation or sanitization steps for the content retrieved from the external design repository.
Audit Metadata