design-html
Design finalization: generates production-quality Pretext-native HTML/CSS. Works with approved mockups from /design-shotgun, CEO plans from /plan-ceo-review, design review context from /plan-design-review, or from scratch with a user description. Text actually reflows, heights are computed, layouts are dynamic. 30KB overhead, zero deps. Smart API routing: picks the right Pretext patterns for each design type. Use when: "finalize this design", "turn this into HTML", "build me a page", "implement this design", or after any planning skill. Proactively suggest when user has approved a design or has a plan ready. (gstack) Voice triggers (speech-to-text aliases): "build the design", "code the mockup", "make it real".
Security
3 findings — 3 medium severity. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.70). The skill's runtime workflow explicitly falls back to importing Pretext from a public CDN ("https://esm.sh/@chenglou/pretext") when the vendored pretext.js is missing (Step 3 Pretext Source Embedding), and those remote scripts will run during preview/verification (browse/screenshot) and can therefore influence rendered output that the agent uses to decide edits—i.e., it fetches and executes untrusted third‑party code as part of its workflow.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 0.90). The skill's setup flow includes a runtime sequence that downloads and executes the bun installer script (curl -fsSL "https://bun.sh/install" -o "$tmpfile" && BUN_VERSION="$BUN_VERSION" bash "$tmpfile"), which fetches and runs remote code as part of required setup—https://bun.sh/install.
W013: Attempt to modify system services in skill instructions
What this means
The skill prompts the agent to compromise the security or integrity of the user’s machine by modifying system-level services or configurations, such as obtaining elevated privileges, altering startup scripts, or changing system-wide settings.
Why it was flagged
Attempt to modify system services in skill instructions detected (medium risk: 0.40). The skill instructs the agent to run many shell commands that write files, edit the repo, run installs (including a curl-based bun installer), start servers, and commit/remove vendored files — all of which mutate the host filesystem and runtime — but it does not request sudo, edit system-level config (ssh/systemctl/ /etc), or create new users.
- Repository
- garrytan/gstack
- Commit
db9447c
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.