ui-ux-pro-max
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute local Python scripts (`scripts/search.py` and `scripts/design_system.py`) to function.
  - The `persist_design_system` function in `scripts/design_system.py` constructs file paths using user-provided strings for the project and page names.
  - It lacks sanitization for directory traversal sequences such as `../`. A maliciously crafted project name could cause the agent to write markdown files to arbitrary locations outside of the intended `design-system/` directory.
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions for users to download and install the Python runtime using standard and official system package managers such as `brew`, `apt`, and `winget`.
- [PROMPT_INJECTION]: While the skill contains many instructional patterns, these are benign and aligned with the primary purpose of guiding design work. However, the hierarchical 'Master + Overrides' pattern creates a surface for indirect prompt injection where data from the local CSV database is formatted into high-authority markdown files (`MASTER.md`) that are intended to strictly govern subsequent agent behavior without explicit boundary markers or sanitization.
Audit Metadata