Skills
skills/draculabo/antigravitymanager/ui-ux-pro-max/Gen Agent Trust Hub

ui-ux-pro-max

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]:
  • The SKILL.md file contains instructions prompting the agent to perform system-level installations using sudo apt install python3, brew install python3, and winget install. The use of elevated privileges (sudo) poses a risk if executed without user oversight.
  • The persist_design_system function in design_system.py constructs file paths by concatenating a base directory with user-supplied project and page names. Because the code only replaces spaces with dashes and fails to sanitize path traversal characters (e.g., ../), a malicious input could allow writing generated markdown files to arbitrary directories on the system.
  • [PROMPT_INJECTION]:
  • Ingestion points: User-provided search queries, project names, and page identifiers processed by the search.py CLI utility.
  • Boundary markers: Absent; the generated design system files (MASTER.md and page overrides) do not use delimiters or explicit instructions to prevent the agent from interpreting embedded data as new instructions.
  • Capability inventory: The skill possesses file system write capabilities (mkdir and open) and the ability to execute its own Python scripts via the agent's CLI.
  • Sanitization: Insufficient; the script's sanitization is limited to simple character replacement, leaving the system vulnerable to indirect prompt injection and path manipulation payloads.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 10, 2026, 09:49 AM