ui-ux-pro-max
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The instructions in 'Step 2: Search Relevant Domains' direct the agent to execute a shell command: `python3 .shared/ui-ux-pro-max/scripts/search.py "<keyword>" --domain <domain>`. Since `<keyword>` is extracted from the user's request, an attacker can perform command injection. For example, a request containing a keyword like `minimalist\"; touch /tmp/pwned; #` would cause the agent to execute unintended system commands.
- [PROMPT_INJECTION] (HIGH): This constitutes an indirect prompt injection surface. The skill ingests untrusted external data (user requests) and interpolates it into a command for a high-privilege tool (`run_shell_command`). There are no instructions for sanitization, validation, or escaping of the user input, and the use of simple double quotes is insufficient to prevent shell breakout or subshell execution via `$(...)` or backticks.
Recommendations
- AI detected serious security threats
Audit Metadata