ux-researcher-designer
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to ingest and process untrusted external data (user interviews and behavior patterns) to generate personas and design implications.
  - Ingestion points: The script `scripts/persona_generator.py` accepts a JSON payload as an argument, likely containing raw user research data.
  - Boundary markers: There are no documented boundary markers or instructions to treat the JSON content as untrusted data.
  - Capability inventory: The skill possesses the capability to execute local Python scripts (`python scripts/persona_generator.py`) and synthesize research into design decisions.
  - Sanitization: No sanitization or validation logic is mentioned to prevent instructions embedded within interview transcripts from being interpreted by the agent.
- [Command Execution] (MEDIUM): The skill relies on executing a local Python script with arguments derived from user data.
  - Evidence: The usage pattern `python scripts/persona_generator.py [json]` indicates the agent will spawn a subprocess to handle data processing.
  - Risk: Without strict validation of the `[json]` argument, there is a risk of command injection or unexpected script behavior if the JSON structure is malformed or contains malicious payloads.
Recommendations
- AI detected serious security threats
Audit Metadata