ui-ux-pro-max
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill instructions in SKILL.md direct the agent to execute shell commands using user-provided keywords (e.g., python3 .../search.py "<keyword>"). This pattern is vulnerable to command injection, where malicious users can execute arbitrary code on the host system using shell metacharacters like $() or backticks.
- COMMAND_EXECUTION (HIGH): The skill requests privilege escalation by instructing the agent to use sudo for software installation on Linux systems (sudo apt install python3), which grants the agent root access to the host.
- PROMPT_INJECTION (HIGH): The skill is susceptible to indirect prompt injection through user-controlled input. Ingestion point: Step 1 requirements extraction from user requests. Boundary markers: Absent. Capability inventory: Shell execution via python3 script calls. Sanitization: None detected for the keyword interpolation in the shell command.
- EXTERNAL_DOWNLOADS (LOW): Recommends installing Python via trusted package managers (brew, apt, winget). Under [TRUST-SCOPE-RULE], these are considered trusted sources, but automated agent-led software installation is generally a poor security practice.
Recommendations
- AI detected serious security threats
Audit Metadata