ui-ux-pro-max
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill's primary workflow relies on the agent executing shell commands (
python3 scripts/search.py) to interact with its database, which increases the attack surface if the agent is given broad shell access. - [PRIVILEGE_ESCALATION] (MEDIUM): The
SKILL.mdfile contains instructions for system-level changes using elevated privileges (sudo apt update && sudo apt install python3). While intended for setup, suggestingsudocommands is a high-risk pattern for automated agents. - [EXTERNAL_DOWNLOADS] (LOW): The setup guide recommends downloading software via system package managers (
brew,apt,winget). While these are trusted sources, the action involves external network requests and system modifications. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests data from local CSV files and interpolates it into the agent's context without sanitization or clear boundary markers.
- Ingestion points:
scripts/core.pyreads fromdata/*.csvfiles based on user-provided keywords. - Boundary markers: The
format_outputfunction inscripts/search.pyuses simple headers (e.g.,### Result i) but lacks strict delimiters to prevent the agent from interpreting CSV content as new instructions. - Capability inventory: The agent is already tasked with executing shell commands, which could be exploited if malicious content is placed in the CSV files.
- Sanitization: No validation or escaping is performed on the data retrieved from the CSVs before it is displayed to the agent.
Audit Metadata