ui-ux-pro-max
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The script scripts/search.py imports functionality from core.py and design_system.py. These core logic files are missing from the skill package, preventing a safety review of the search implementation and the persistence logic. This obscures potential malicious behavior or insecure coding practices.
- Indirect Prompt Injection (LOW): The skill possesses a significant surface for indirect prompt injection via the data it processes.
  - Ingestion points: scripts/search.py reads data from four CSV files: charts.csv, colors.csv, web-interface.csv, and jetpack-compose.csv.
  - Boundary markers: Absent. The search results are returned as raw markdown to the agent's context without delimiters or instructions to ignore embedded instructions found in the data.
  - Capability inventory: The skill has file-system write capabilities (via the --persist flag) and the ability to process user queries against external data.
  - Sanitization: No sanitization or escaping of the CSV content is performed in the provided wrapper script before it is returned to the agent.
- Data Exposure & Exfiltration (MEDIUM): The --persist and --output-dir arguments in scripts/search.py allow the agent to write data to the filesystem. Without the source code for the persist_design_system function, it is impossible to verify if the skill prevents path traversal or the overwriting of sensitive system files via user-controlled paths.
Audit Metadata