ui-ux-pro-max

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Technical analysis identified a surface for indirect prompt injection (Category 8) because the skill retrieves content from internal CSV databases and incorporates it into the agent's context without adequate isolation.
      • Ingestion points: The skill reads from multiple data files in the data/ directory, including styles.csv, prompts.csv, and stack-specific guidelines.
      • Boundary markers: The results generated by search.py and design_system.py are provided as plain text or Markdown lists without delimiters (such as XML tags or explicit block quotes) to distinguish processed data from instructions.
      • Capability inventory: The skill is implemented as a set of local Python scripts that the agent is instructed to execute.
      • Sanitization: The data from the CSV files is processed and displayed without sanitization, meaning any instruction-like text in the database could influence agent behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 17, 2026, 05:41 PM