ui-ux-pro-max
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to acquire administrative privileges by using
sudoon Linux systems to install Python dependencies. - [COMMAND_EXECUTION]: The skill constructs and executes shell commands that interpolate user-provided strings directly (
python3 .../search.py "<product_type> <industry> <keywords>"), which is a known pattern for command injection vulnerabilities if the input contains shell metacharacters. - [EXTERNAL_DOWNLOADS]: The skill automates the installation of external software through system package managers like
apt,brew, andwingetacross different operating systems. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface through its 'Master + Overrides' pattern where user-influenced search results are persisted to
design-system/MASTER.mdand later used to determine agent behavior without sanitization or boundary markers. - Ingestion points: User-supplied search queries for design systems.
- Boundary markers: Absent; instructions do not specify the use of delimiters when reading from the master or page-specific files.
- Capability inventory: File system write access via the
--persistflag, file read access for hierarchical retrieval, and shell command execution. - Sanitization: No sanitization or validation of the search query or the persisted content is mentioned in the workflow.
Recommendations
- AI detected serious security threats
Audit Metadata