design-good
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to execute local Python scripts (e.g., python3 $HOME/.claude/skills/ui-ux-pro-max/scripts/search.py) for design research. This behavior is used to orchestrate data collection from other local tools.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where user-supplied content is processed and passed to downstream tools.
  - Ingestion points: Untrusted user input enters the agent context via placeholders like <product-type>, <style-keywords>, <mood>, and <industry> (SKILL.md).
  - Boundary markers: Absent; there are no specific delimiters or instructions to prevent the agent from obeying instructions embedded within these research parameters.
  - Capability inventory: The skill possesses the ability to execute shell commands (python3), perform file writes (./docs/design-guidelines.md), and invoke various subagents (ui-ux-designer, researcher, ai-multimodal).
  - Sanitization: Absent; the skill does not implement validation or escaping for the strings interpolated into shell command lines, which could lead to command injection if a user provides input containing shell metacharacters.
Audit Metadata