design-fast
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute local Python scripts located in the `$HOME/.claude/skills/ui-ux-pro-max/scripts/` directory. These scripts are used to perform search operations for design intelligence across various domains like product, style, typography, and color.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by interpolating user-provided arguments into shell commands.
  - Ingestion points: External data enters the context through the `$ARGUMENTS` variable within the `<tasks>` tags in `SKILL.md`.
  - Boundary markers: The workflow template uses double quotes to wrap the interpolated placeholders (e.g., `"<product-type>"`) in the bash commands.
  - Capability inventory: The skill has the capability to execute subprocesses via `python3` and perform file-write operations to update `./docs/design-guidelines.md`.
  - Sanitization: There is no evidence of input validation or sanitization of the arguments before they are placed into the command string, which represents a potential command injection surface if the underlying execution environment does not handle shell metacharacters.
Audit Metadata