ui-ux-pro-max
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill directs the agent to use `run_shell_command` to execute a local script (`.shared/ui-ux-pro-max/scripts/search.py`) with arguments generated from the user's prompt.
  - Evidence: The workflow (Step 2 and Step 3) repeatedly uses the pattern `python3 .shared/ui-ux-pro-max/scripts/search.py "<keyword>"`, where `<keyword>` is extracted from user requirements.
  - Risk: If a user provides malicious input containing shell metacharacters (e.g., `;`, `|`, `` ` ``) and the agent extracts it verbatim as a keyword, it could lead to arbitrary command execution on the host system.
- [Indirect Prompt Injection] (LOW):
  - Ingestion points: User-provided text describing UI/UX products, styles, and industries (File: SKILL.md).
  - Boundary markers: Absent. The skill does not provide delimiters or instructions for the agent to distinguish between user data and its own operational instructions.
  - Capability inventory: Shell execution (`python3`) and file creation/modification (implied in the "build/implement" actions).
  - Sanitization: Absent. No instructions are provided for the agent to validate or escape the extracted keywords before they are used in a shell context.