ui-ux-pro-max
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled Python script (search.py) to process design queries and generate recommendations.
- [COMMAND_EXECUTION]: The setup instructions include sudo apt install, which requires the agent to execute commands with administrative privileges.
- [COMMAND_EXECUTION]: The skill includes functionality to write files to the local system (e.g., design-system/MASTER.md) when the persistence flag is used.
- [COMMAND_EXECUTION]: The skill uses relative path traversal (../../../) in its directory references to access data and scripts located outside its own directory.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted user input as command-line arguments.
  - Ingestion points: User-provided queries are passed directly to the search.py script as documented in SKILL.md.
  - Boundary markers: No delimiters or 'ignore' instructions are used when interpolating user input into the command string.
  - Capability inventory: The skill possesses script execution and file writing capabilities.
  - Sanitization: There is no evidence of input validation or output filtering for the user-provided strings.
Recommendations
- AI detected serious security threats
Audit Metadata