ui-ux-pro-max
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Privilege Escalation (HIGH): The file sub-skills/8-charts-data-low.md contains instructions for the AI to execute 'sudo apt update && sudo apt install python3'. Directing an agent to acquire administrative privileges is a high-risk behavior that can be exploited to compromise the host system.\n- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill workflow in 'sub-skills/step-2-generate-design-system-required.md' executes 'scripts/search.py'. This script attempts to import 'core' and 'design_system' modules which are missing from the provided skill files, making the actual logic executed unverified and potentially dangerous.\n- Indirect Prompt Injection (LOW): The skill ingests user search queries to generate design system recommendations, creating a potential surface for indirect injection.\n
- Ingestion points: Untrusted user input is passed directly to the search script as a command-line argument.\n
- Boundary markers: The 'format_output' function uses Markdown headers and list markers to structure the returned data, providing minimal isolation.\n
- Capability inventory: The agent is instructed to plan and build application code based on the search output, which involves file system operations and code synthesis.\n
- Sanitization: The script performs basic truncation of results to 300 characters but lacks robust content filtering or instruction-escaping mechanisms.
Recommendations
- AI detected serious security threats
Audit Metadata