ui-ux-pro-max
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly runs a search script (python3 ../../.shared/ui-ux-pro-max/scripts/search.py) across public "Available Domains" (product, style, typography, color, landing, ux, etc.) and instructs the agent to synthesize those search results, which means it fetches and interprets open/public third-party content (websites, forums, user-generated pages) as part of its operation.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs installing system packages and explicitly uses a "sudo apt install" command as a prerequisite, which directs the agent to obtain elevated privileges and modify system state.
Audit Metadata