ui-ux-pro-max
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute `sudo apt install python3` on Linux systems. Requesting administrative privileges for environment setup is a high-risk operation that bypasses standard user constraints.
- [COMMAND_EXECUTION]: The skill workflow involves executing a local Python script (`scripts/search.py`) using arguments directly derived from user input strings (e.g., `<product_type> <industry> <keywords>`). This pattern is susceptible to command injection if the underlying script or the agent's execution method does not properly sanitize shell-sensitive characters.
- [COMMAND_EXECUTION]: The skill references critical resource folders (`data` and `scripts`) using relative paths (`../../../src/...`) that point outside the skill's own directory. This allows the skill to access and potentially execute code from the broader parent environment.
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by instructing the agent to read and prioritize instructions from dynamically generated files (`design-system/MASTER.md` and `design-system/pages/*.md`). Ingestion points: files generated in the `design-system/` directory. Boundary markers: none identified in the provided workflow. Capability inventory: subprocess execution of Python scripts and file system write operations. Sanitization: no explicit sanitization or validation of the generated content is described before the agent is instructed to read it as a source of truth.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install software using system package managers such as Homebrew, apt, and winget. These operations involve fetching and executing code from external repositories during the prerequisite phase.
Audit Metadata