appshots-design-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents and encourages the execution of numerous CLI commands for the appshots tool to manage design states, apply styles, and export files. This behavior is consistent with the stated purpose of a design workflow skill.
- [PROMPT_INJECTION]: The workflow incorporates user-provided text strings into design commands (e.g., via the --text argument). While this creates a surface for indirect prompt injection, it is a necessary feature for a screenshot design tool and is used within standard command parameters.
- [DATA_EXPOSURE]: The skill references local file system operations, such as importing image files and exporting sets to the desktop. These actions are standard for design software and do not involve unauthorized access or exfiltration of sensitive data.
Audit Metadata