ui-ux-pro-max

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill workflow requires the agent to execute a local Python script using shell interpolation of user-provided keywords without any sanitization.
  • Evidence: The command python3 "$HOME/.claude/skills/ui-ux-pro-max/scripts/search.py" "<keyword>" --domain <domain> in SKILL.md allows for shell metacharacter injection.
  • Risk: A malicious user could provide a keyword like "; touch /tmp/pwned; " to execute arbitrary commands on the host system.
  • [PRIVILEGE_ESCALATION] (HIGH): The skill instructions include the use of sudo for package management, which violates the principle of least privilege.
  • Evidence: sudo apt update && sudo apt install python3 in the Prerequisites section.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill creates a significant vulnerability surface by processing untrusted user input and passing it to an execution-capable tool.
  • Ingestion points: User input for 'Product type', 'Style keywords', and 'Industry' (SKILL.md Step 1).
  • Boundary markers: Absent. User input is wrapped in shell double-quotes which does not prevent command substitution or injection.
  • Capability inventory: Shell command execution via python3 (SKILL.md Step 2).
  • Sanitization: Absent. No instructions are provided to the agent to validate or escape the user input before execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 09:48 AM