ui-ux-pro-max
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Command Execution] (SAFE): The skill is designed to run local Python scripts to perform search queries on a provided database of UI styles. No arbitrary command execution paths were found.
- [Privilege Escalation] (LOW): Prerequisite instructions in the documentation suggest using 'sudo apt install' for environment setup; this is classified as low severity as it is a documented requirement for dependency installation via a trusted system package manager.
- [Indirect Prompt Injection] (LOW): The skill ingests data from local CSV files without output sanitization. 1. Ingestion points: Multiple CSV files in the data/ folder and subfolders are read by core.py. 2. Boundary markers: Absent; data is directly interpolated into markdown responses in search.py. 3. Capability inventory: Operations are limited to reading local files and writing to stdout; no network, file-write, or dynamic code execution capabilities exist. 4. Sanitization: Data is tokenized for search indexing but the output strings are not sanitized.
Audit Metadata