Skills
skills/yonatangross/orchestkit/design-import/Gen Agent Trust Hub

design-import

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its ingestion of untrusted handoff bundles.\n
  • Ingestion points: Data enters the system from user-specified URLs (via WebFetch) or local JSON files (via Read).\n
  • Boundary markers: No delimiters or explicit protective instructions are used when passing bundle content, such as tsx_scaffold, to the frontend-ui-developer subagent.\n
  • Capability inventory: The skill and its delegated agents have the ability to write/edit files and execute shell commands using the Bash tool.\n
  • Sanitization: No sanitization or structural validation is performed on the natural language instructions or code fragments contained within the bundle before they are used in prompts.\n- [EXTERNAL_DOWNLOADS]: The skill uses WebFetch to download content from arbitrary URLs provided by the user. The lack of domain whitelisting allows for potential SSRF or interaction with malicious servers.\n- [COMMAND_EXECUTION]: The skill utilizes the Bash tool and subagent delegation for project modification, creating an attack surface that could be exploited if the agent is manipulated by malicious bundle data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 02:03 AM