Skills
skills/yonatangross/orchestkit/design-to-code/Gen Agent Trust Hub

design-to-code

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface.
  • Ingestion points: The skill ingests untrusted data from external URLs (Stage 1) and the 21st.dev component registry (Stage 2) to generate code.
  • Boundary markers: No explicit instructions are provided to the agent to treat external content as data only or to ignore embedded instructions within the fetched HTML or components.
  • Capability inventory: The skill has Write, Edit, and Bash permissions, which are used to modify project source code based on the external input.
  • Sanitization: There is no evidence of sanitization or validation of external content before it is integrated into the codebase.
  • [EXTERNAL_DOWNLOADS]: Fetches design context and component definitions from well-known services.
  • Evidence: The skill integrates with Google's Stitch MCP (stitch.withgoogle.com) for design extraction and the 21st.dev registry for component matching.
  • [COMMAND_EXECUTION]: Performs automated file system and verification tasks.
  • Evidence: Uses Bash, Glob, and Grep for project context discovery and run-story-tests for component verification.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 02:03 AM