tool-design-style-selector
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): In Step 3.5, the skill is instructed to execute a Python script located at ~/.claude/skills/tool-ui-ux-pro-max/scripts/search.py. This creates a hard dependency on external code that is not contained within the analyzed package, which could lead to arbitrary code execution if the dependent skill is compromised or malicious.
- INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to ingest untrusted data from project files, creating a surface for indirect prompt injection.
  - Ingestion points: Step 1 scans README.md, package.json, Claude.md, and directory structures.
  - Boundary markers: Absent. The instructions do not include delimiters or warnings to ignore instructions found within scanned data.
  - Capability inventory: The skill has significant capabilities, including project-wide source code modification (Step 6), file creation (Step 5), and external script execution (Step 3.5).
  - Sanitization: Absent. The extracted 'intent' from scanned files is used directly to drive the transformation plan.
Audit Metadata