designer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection through its core workflow.
  * Ingestion points: In SKILL.md, the '深度诊断' (Deep Diagnosis) phase explicitly requires reading existing code ('读取现有代码', "read existing code").
  * Boundary markers: There are no instructions to use delimiters or to treat ingested content as untrusted data, so instructions embedded in code comments could hijack the agent's logic.
  * Capability inventory: The skill is designed for 'Meticulous execution' and provides 'Technical implementation' (CSS/JS code), meaning it can modify or generate executable files.
  * Sanitization: No sanitization or validation of the input code is performed, creating a risk that malicious design 'requirements' hidden in comments could influence the agent's output.
- [COMMAND_EXECUTION] (LOW): The README suggests using claude skill install designer. While this appears to be a standard tool-specific installation command, manual installation of skills or execution of third-party installers should always be verified against official documentation.
Recommendations
- AI detected serious security threats
Audit Metadata