ui-ux-pro-max

Fail

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill contains instructions to execute high-risk commands with administrative privileges, specifically using sudo apt update && sudo apt install python3 to set up the environment.
  • [COMMAND_EXECUTION]: The skill's workflow depends on the execution of a local Python script (skills/ui-ux-pro-max/scripts/search.py) using the python3 command.
  • [EXTERNAL_DOWNLOADS]: The skill triggers the download and installation of external software (Python 3) from official system repositories through package managers like APT, Homebrew, and Winget.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by passing unvalidated user inputs (product types, keywords, industries) directly as arguments to a command-line interface tool.
      • Ingestion points: User-provided query strings in the search.py command (SKILL.md)
      • Boundary markers: None present in the instructions
      • Capability inventory: Execution of local scripts and file system write operations (SKILL.md)
      • Sanitization: No input validation or sanitization is mentioned or performed before passing variables to the subprocess call
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 11, 2026, 07:13 AM