ui-ux-pro-max
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [Persistence & File System Access] (MEDIUM): The `scripts/search.py` script allows users to persist design systems to the local filesystem using the `--persist`, `--project-name`, and `--page` arguments.
  - Evidence: In `scripts/search.py`, the `project_slug` and `page_filename` are generated using a simple `.replace(' ', '-')` on user-provided strings.
  - Impact: This is insufficient to prevent path traversal. An attacker could provide a project name like `../../etc` to attempt writing files outside the intended `design-system/` directory.
- [Indirect Prompt Injection] (LOW): The skill ingests a user-provided `query` to generate a "complete design system recommendation" via the `generate_design_system` function.
  - Ingestion points: `scripts/search.py` via the positional `query` argument.
  - Boundary markers: None visible in the provided script wrapper; relies on downstream processing in `design_system.py` (not provided).
  - Capability inventory: The script has file-write capabilities (`persist_design_system`).
  - Sanitization: No sanitization of the search query is performed before passing it to the recommendation generator.
- [Data Exposure] (SAFE): The CSV files contain UI/UX guidelines and code snippets. While some are labeled 'Critical' or 'High', these refer to accessibility and performance severity in the context of the design system, not security vulnerabilities within the skill's execution environment.
Audit Metadata